
rootkit zeroaccess still detected by combofix


13 replies to this topic

#1 krustus

krustus

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 13 February 2012 - 11:49 AM

I used Kaspersky Rescue Disk 10... then ran ComboFix twice. My machine seems to be running great, but if I run ComboFix again it still says rootkit ZeroAccess detected. I am pretty sure it got rid of the infection and I just have some kind of file or something that is still lingering, but I am no expert. Please, someone help.



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:09 PM

Posted 17 February 2012 - 03:02 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please post the ComboFix log file. It can be located in your C:\ drive.


It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
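As an added example for this thread (not Kaspersky's code and not posted by anyone here): a small Python triage helper for the TDSSKiller log the instructions above ask for. It follows the log's line shapes (timestamp, thread id, `name (md5) path`, `name - detected verdict (n)`, the `Mode:` line, `Scan interrupted by user!`, `Detected object count:`) and separates the generic `UnsignedFile.Multi.Generic` warning, which the Verify Driver Digital Signature option raises for unsigned drivers, from any other verdict. The sample log, its zeroed hashes and the `exampledrv` entry with verdict `Constructed.Verdict.Example` are constructed.

```python
"""TDSSKiller log triage. Added example for this thread (not Kaspersky's code,
not posted by anyone here); line shapes follow the TDSSKiller log format and
the sample log at the bottom is constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Generic verdict for any unsigned driver when "Verify Driver Digital Signature"
# (SigCheck) is on; not a malware name by itself, hence the advice to Skip.
UNSIGNED = "UnsignedFile.Multi.Generic"

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")  # time, thread id, msg
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")             # name (md5) path
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")     # name - detected verdict (n)


@dataclass
class ScanPass:
    mode: str = ""                                   # value of the "Mode:" line
    interrupted: bool = False                        # "Scan interrupted by user!" seen
    detections: Dict[str, str] = field(default_factory=dict)   # name -> verdict
    declared_count: Optional[int] = None             # tool's own "Detected object count"


@dataclass
class ScanSummary:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    passes: List[ScanPass] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s, cur = ScanSummary(), None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                 # separators, blank lines
        msg = m.group(3).strip()
        fm = FILE_RE.match(msg)
        if msg == "Scan started":
            cur = ScanPass()
            s.passes.append(cur)
        elif fm:                                     # file lines are pass-independent
            s.drivers[fm.group(1)] = (fm.group(2), fm.group(3))
        elif cur is None:
            continue                                 # SystemInfo header before any pass
        elif msg.startswith("Mode:"):
            cur.mode = msg[len("Mode:"):].strip()
        elif msg == "Scan interrupted by user!":
            cur.interrupted = True
        elif msg.startswith("Detected object count:"):
            cur.declared_count = int(msg.rsplit(":", 1)[1])
        elif DETECTED_RE.match(msg):
            dm = DETECTED_RE.match(msg)
            cur.detections[dm.group(1)] = dm.group(2)
    return s


def triage(s: ScanSummary) -> List[dict]:
    """One report per pass: separate the generic unsigned-driver warning from
    other verdicts and flag passes whose log should not be acted on as-is."""
    report = []
    for p in s.passes:
        unsigned = sorted(n for n, v in p.detections.items() if v == UNSIGNED)
        other = sorted(n for n, v in p.detections.items() if v != UNSIGNED)
        report.append({
            "mode": p.mode,
            "sigcheck": "SigCheck" in p.mode,
            "interrupted": p.interrupted,            # partial pass, results incomplete
            "unsigned_drivers": [(n,) + s.drivers.get(n, ("?", "?")) for n in unsigned],
            "other_detections": [(n, p.detections[n]) + s.drivers.get(n, ("?", "?"))
                                 for n in other],
            # Tool's own count disagrees with the lines present: paste likely truncated
            "count_mismatch": (p.declared_count is not None
                               and p.declared_count != len(p.detections)),
        })
    return report


# Constructed sample: pass 1 without SigCheck and interrupted, pass 2 with SigCheck
# and TDLFS. Hashes are zeroed; "exampledrv" and its verdict are made up.
SAMPLE_LOG = r"""
13:15:38.0546 2328 Scan started
13:15:38.0546 2328 Mode: Manual;
13:15:39.0015 2328 ACPI (00000000000000000000000000000001) C:\windows\system32\DRIVERS\ACPI.sys
13:15:39.0015 2328 ACPI - ok
13:15:40.0328 2328 Scan interrupted by user!
13:15:40.0343 1972 Detected object count: 0
13:15:57.0453 3412 Scan started
13:15:57.0453 3412 Mode: Manual; SigCheck; TDLFS;
13:16:04.0671 3412 Haspnt (00000000000000000000000000000002) C:\windows\system32\drivers\Haspnt.sys
13:16:04.0671 3412 Haspnt ( UnsignedFile.Multi.Generic ) - warning
13:16:04.0671 3412 Haspnt - detected UnsignedFile.Multi.Generic (1)
13:16:13.0562 3412 Par1284 (00000000000000000000000000000003) C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\Par1284.sys
13:16:13.0593 3412 Par1284 - detected UnsignedFile.Multi.Generic (1)
13:16:20.0000 3412 exampledrv (00000000000000000000000000000004) C:\windows\system32\drivers\exampledrv.sys
13:16:20.0000 3412 exampledrv - detected Constructed.Verdict.Example (1)
13:16:21.0000 1972 Detected object count: 3
"""

if __name__ == "__main__":
    for i, r in enumerate(triage(parse_tdsskiller_log(SAMPLE_LOG)), 1):
        print(f"pass {i}: {r}")
```

A pass marked interrupted or count_mismatch is one to re-run or re-paste rather than act on; the unsigned list is for review, not for Cure or Delete.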


#3 krustus

krustus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 17 February 2012 - 02:59 PM

1. Thanks for taking the time to help...

2. TDSSKiller log
13:16:17.0875 3412 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\windows\system32\DRIVERS\snman380.sys
13:16:17.0890 3412 snapman380 - ok
13:16:17.0906 3412 Sntnlusb (a1ff7d99b199cea1f3df371ba70d2780) C:\windows\system32\DRIVERS\SNTNLUSB.SYS
13:16:17.0921 3412 Sntnlusb - ok
13:16:17.0921 3412 Sparrow - ok
13:16:17.0953 3412 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
13:16:18.0109 3412 splitter - ok
13:16:18.0125 3412 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
13:16:18.0187 3412 sr - ok
13:16:18.0234 3412 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
13:16:18.0296 3412 Srv - ok
13:16:18.0312 3412 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
13:16:18.0453 3412 swenum - ok
13:16:18.0484 3412 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
13:16:18.0609 3412 swmidi - ok
13:16:18.0625 3412 symc810 - ok
13:16:18.0640 3412 symc8xx - ok
13:16:18.0656 3412 sym_hi - ok
13:16:18.0656 3412 sym_u3 - ok
13:16:18.0671 3412 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
13:16:18.0812 3412 sysaudio - ok
13:16:18.0859 3412 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
13:16:18.0968 3412 Tcpip - ok
13:16:19.0015 3412 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
13:16:19.0125 3412 TDPIPE - ok
13:16:19.0187 3412 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\windows\system32\DRIVERS\tdrpm174.sys
13:16:19.0250 3412 tdrpman174 - ok
13:16:19.0265 3412 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
13:16:19.0390 3412 TDTCP - ok
13:16:19.0421 3412 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
13:16:19.0546 3412 TermDD - ok
13:16:19.0562 3412 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\windows\system32\DRIVERS\tifsfilt.sys
13:16:19.0578 3412 tifsfilter - ok
13:16:19.0593 3412 timounter (394fc70b88b7958fa85798bbc76d140a) C:\windows\system32\DRIVERS\timntr.sys
13:16:19.0625 3412 timounter - ok
13:16:19.0640 3412 TosIde - ok
13:16:19.0687 3412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
13:16:19.0828 3412 Udfs - ok
13:16:19.0843 3412 ultra - ok
13:16:19.0859 3412 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
13:16:19.0984 3412 Update - ok
13:16:20.0031 3412 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
13:16:20.0171 3412 usbccgp - ok
13:16:20.0218 3412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
13:16:20.0343 3412 usbehci - ok
13:16:20.0359 3412 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
13:16:20.0500 3412 usbhub - ok
13:16:20.0515 3412 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys
13:16:20.0640 3412 usbohci - ok
13:16:20.0656 3412 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
13:16:20.0781 3412 usbprint - ok
13:16:20.0843 3412 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
13:16:20.0984 3412 usbscan - ok
13:16:21.0015 3412 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:16:21.0140 3412 usbstor - ok
13:16:21.0187 3412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
13:16:21.0312 3412 VgaSave - ok
13:16:21.0312 3412 ViaIde - ok
13:16:21.0359 3412 vNICdrv (eedef70f54e4bab9d7a8d79f3418b3f1) C:\windows\system32\DRIVERS\vNICdrv.sys
13:16:21.0375 3412 vNICdrv - ok
13:16:21.0406 3412 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
13:16:21.0546 3412 VolSnap - ok
13:16:21.0593 3412 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\windows\system32\DRIVERS\wacmoumonitor.sys
13:16:21.0625 3412 wacmoumonitor - ok
13:16:21.0640 3412 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
13:16:21.0656 3412 wacommousefilter - ok
13:16:21.0671 3412 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\windows\system32\DRIVERS\wacomvhid.sys
13:16:21.0687 3412 wacomvhid - ok
13:16:21.0703 3412 WacomVKHid - ok
13:16:21.0718 3412 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
13:16:21.0843 3412 Wanarp - ok
13:16:21.0859 3412 WDICA - ok
13:16:21.0890 3412 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
13:16:22.0031 3412 wdmaud - ok
13:16:22.0093 3412 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
13:16:22.0234 3412 WS2IFSL - ok
13:16:22.0265 3412 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
13:16:22.0343 3412 WudfPf - ok
13:16:22.0359 3412 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
13:16:22.0390 3412 WudfRd - ok
13:16:22.0453 3412 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
13:16:22.0578 3412 \Device\Harddisk0\DR0 - ok
13:16:23.0046 3412 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
13:16:25.0906 3412 \Device\Harddisk1\DR1 - ok
13:16:25.0921 3412 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
13:16:26.0031 3412 \Device\Harddisk2\DR4 - ok
13:16:26.0031 3412 Boot (0x1200) (ce3ef5679614a6b891695f03cf5d1b16) \Device\Harddisk0\DR0\Partition0
13:16:26.0031 3412 \Device\Harddisk0\DR0\Partition0 - ok
13:16:26.0062 3412 Boot (0x1200) (931d4de6ac51f5457423745d4072e878) \Device\Harddisk1\DR1\Partition0
13:16:26.0062 3412 \Device\Harddisk1\DR1\Partition0 - ok
13:16:26.0062 3412 Boot (0x1200) (22dfbbf02865ff70722f140661621c40) \Device\Harddisk2\DR4\Partition0
13:16:26.0062 3412 \Device\Harddisk2\DR4\Partition0 - ok
13:16:26.0062 3412 ============================================================
13:16:26.0062 3412 Scan finished
13:16:26.0062 3412 ============================================================
13:16:26.0203 1080 Detected object count: 6
13:16:26.0203 1080 Actual detected object count: 6
13:17:11.0718 1080 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0718 1080 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:11.0718 1080 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0718 1080 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:11.0718 1080 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0718 1080 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:11.0718 1080 Par1284 ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0718 1080 Par1284 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:11.0718 1080 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0718 1080 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:11.0734 1080 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:11.0734 1080 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:19.0906 2808 ============================================================
13:17:19.0906 2808 Scan started
13:17:19.0906 2808 Mode: Manual; SigCheck; TDLFS;
13:17:19.0906 2808 ============================================================
13:17:20.0625 2808 Abiosdsk - ok
13:17:20.0656 2808 abp480n5 - ok
13:17:20.0671 2808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
13:17:20.0812 2808 ACPI - ok
13:17:20.0843 2808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
13:17:21.0000 2808 ACPIEC - ok
13:17:21.0031 2808 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
13:17:21.0046 2808 adfs - ok
13:17:21.0062 2808 adpu160m - ok
13:17:21.0093 2808 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
13:17:21.0218 2808 aec - ok
13:17:21.0265 2808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
13:17:21.0281 2808 AFD - ok
13:17:21.0296 2808 Aha154x - ok
13:17:21.0312 2808 aic78u2 - ok
13:17:21.0312 2808 aic78xx - ok
13:17:21.0343 2808 AliIde - ok
13:17:21.0343 2808 amsint - ok
13:17:21.0375 2808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
13:17:21.0531 2808 Arp1394 - ok
13:17:21.0531 2808 asc - ok
13:17:21.0546 2808 asc3350p - ok
13:17:21.0562 2808 asc3550 - ok
13:17:21.0593 2808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
13:17:21.0718 2808 AsyncMac - ok
13:17:21.0750 2808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
13:17:21.0875 2808 atapi - ok
13:17:21.0890 2808 Atdisk - ok
13:17:21.0968 2808 ati2mtag (ffe23eba27295053e2e8e5079eb66a8e) C:\windows\system32\DRIVERS\ati2mtag.sys
13:17:22.0000 2808 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
13:17:22.0000 2808 ati2mtag - detected UnsignedFile.Multi.Generic (1)
13:17:22.0031 2808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
13:17:22.0171 2808 Atmarpc - ok
13:17:22.0187 2808 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
13:17:22.0312 2808 audstub - ok
13:17:22.0343 2808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
13:17:22.0484 2808 Beep - ok
13:17:22.0609 2808 catchme - ok
13:17:22.0640 2808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
13:17:22.0781 2808 cbidf2k - ok
13:17:22.0796 2808 cd20xrnt - ok
13:17:22.0828 2808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
13:17:22.0968 2808 Cdaudio - ok
13:17:22.0984 2808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
13:17:23.0109 2808 Cdfs - ok
13:17:23.0140 2808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
13:17:23.0281 2808 Cdrom - ok
13:17:23.0281 2808 Changer - ok
13:17:23.0312 2808 CmdIde - ok
13:17:23.0312 2808 cojug - ok
13:17:23.0343 2808 Cpqarray - ok
13:17:23.0359 2808 dac2w2k - ok
13:17:23.0359 2808 dac960nt - ok
13:17:23.0390 2808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
13:17:23.0515 2808 Disk - ok
13:17:23.0578 2808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
13:17:23.0750 2808 dmboot - ok
13:17:23.0765 2808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
13:17:23.0937 2808 dmio - ok
13:17:23.0953 2808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
13:17:24.0109 2808 dmload - ok
13:17:24.0125 2808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
13:17:24.0281 2808 DMusic - ok
13:17:24.0296 2808 dpti2o - ok
13:17:24.0312 2808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
13:17:24.0437 2808 drmkaud - ok
13:17:24.0468 2808 EverestDriver - ok
13:17:24.0484 2808 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
13:17:24.0625 2808 Fastfat - ok
13:17:24.0640 2808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys
13:17:24.0781 2808 Fdc - ok
13:17:24.0812 2808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
13:17:24.0953 2808 Fips - ok
13:17:24.0968 2808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
13:17:25.0093 2808 Flpydisk - ok
13:17:25.0109 2808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
13:17:25.0250 2808 FltMgr - ok
13:17:25.0265 2808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
13:17:25.0390 2808 Fs_Rec - ok
13:17:25.0406 2808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
13:17:25.0531 2808 Ftdisk - ok
13:17:25.0578 2808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
13:17:25.0718 2808 Gpc - ok
13:17:25.0796 2808 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\windows\system32\drivers\hardlock.sys
13:17:25.0828 2808 Hardlock - ok
13:17:25.0859 2808 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\windows\system32\drivers\Haspnt.sys
13:17:25.0859 2808 Haspnt ( UnsignedFile.Multi.Generic ) - warning
13:17:25.0859 2808 Haspnt - detected UnsignedFile.Multi.Generic (1)
13:17:25.0875 2808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
13:17:26.0031 2808 HDAudBus - ok
13:17:26.0046 2808 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
13:17:26.0187 2808 HidUsb - ok
13:17:26.0203 2808 hpn - ok
13:17:26.0250 2808 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\windows\system32\DRIVERS\HPZid412.sys
13:17:26.0296 2808 HPZid412 - ok
13:17:26.0343 2808 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\windows\system32\DRIVERS\HPZipr12.sys
13:17:26.0375 2808 HPZipr12 - ok
13:17:26.0437 2808 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\windows\system32\DRIVERS\HPZius12.sys
13:17:26.0484 2808 HPZius12 - ok
13:17:26.0546 2808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
13:17:26.0578 2808 HTTP - ok
13:17:26.0593 2808 i2omgmt - ok
13:17:26.0593 2808 i2omp - ok
13:17:26.0609 2808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
13:17:26.0750 2808 i8042prt - ok
13:17:26.0812 2808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
13:17:26.0953 2808 Imapi - ok
13:17:26.0968 2808 ini910u - ok
13:17:27.0109 2808 IntcAzAudAddService (a575138ad572c12cffa122b89a382b7e) C:\windows\system32\drivers\RtkHDAud.sys
13:17:27.0250 2808 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
13:17:27.0250 2808 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
13:17:27.0265 2808 IntelIde - ok
13:17:27.0296 2808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
13:17:27.0437 2808 Ip6Fw - ok
13:17:27.0453 2808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:17:27.0578 2808 IpFilterDriver - ok
13:17:27.0593 2808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
13:17:27.0750 2808 IpInIp - ok
13:17:27.0750 2808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
13:17:27.0890 2808 IpNat - ok
13:17:27.0906 2808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
13:17:28.0031 2808 IPSec - ok
13:17:28.0031 2808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
13:17:28.0093 2808 IRENUM - ok
13:17:28.0140 2808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
13:17:28.0281 2808 isapnp - ok
13:17:28.0296 2808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
13:17:28.0437 2808 Kbdclass - ok
13:17:28.0453 2808 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
13:17:28.0578 2808 kbdhid - ok
13:17:28.0609 2808 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\windows\system32\DRIVERS\kl1.sys
13:17:28.0625 2808 KL1 - ok
13:17:28.0656 2808 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\windows\system32\DRIVERS\kl2.sys
13:17:28.0656 2808 kl2 - ok
13:17:28.0687 2808 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\windows\system32\DRIVERS\klif.sys
13:17:28.0718 2808 KLIF - ok
13:17:28.0750 2808 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\windows\system32\DRIVERS\klim5.sys
13:17:28.0765 2808 klim5 - ok
13:17:28.0828 2808 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\windows\system32\DRIVERS\klmouflt.sys
13:17:28.0875 2808 klmouflt - ok
13:17:28.0906 2808 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
13:17:29.0093 2808 kmixer - ok
13:17:29.0093 2808 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
13:17:29.0140 2808 KSecDD - ok
13:17:29.0156 2808 lbrtfdc - ok
13:17:29.0296 2808 MFE_RR - ok
13:17:29.0312 2808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
13:17:29.0484 2808 mnmdd - ok
13:17:29.0531 2808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
13:17:29.0703 2808 Modem - ok
13:17:29.0718 2808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
13:17:29.0859 2808 Mouclass - ok
13:17:29.0875 2808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
13:17:30.0015 2808 mouhid - ok
13:17:30.0046 2808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
13:17:30.0171 2808 MountMgr - ok
13:17:30.0171 2808 mraid35x - ok
13:17:30.0187 2808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
13:17:30.0328 2808 MRxDAV - ok
13:17:30.0375 2808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
13:17:30.0406 2808 MRxSmb - ok
13:17:30.0421 2808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
13:17:30.0546 2808 Msfs - ok
13:17:30.0562 2808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
13:17:30.0703 2808 MSKSSRV - ok
13:17:30.0718 2808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
13:17:30.0859 2808 MSPCLOCK - ok
13:17:30.0859 2808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
13:17:31.0015 2808 MSPQM - ok
13:17:31.0015 2808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
13:17:31.0140 2808 mssmbios - ok
13:17:31.0203 2808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
13:17:31.0218 2808 Mup - ok
13:17:31.0218 2808 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\windows\system32\DRIVERS\mxopswd.sys
13:17:31.0250 2808 MXOPSWD - ok
13:17:31.0265 2808 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
13:17:31.0390 2808 NDIS - ok
13:17:31.0437 2808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
13:17:31.0468 2808 NdisTapi - ok
13:17:31.0484 2808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
13:17:31.0609 2808 Ndisuio - ok
13:17:31.0609 2808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
13:17:31.0781 2808 NdisWan - ok
13:17:31.0828 2808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
13:17:31.0843 2808 NDProxy - ok
13:17:31.0859 2808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
13:17:31.0984 2808 NetBIOS - ok
13:17:32.0015 2808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
13:17:32.0140 2808 NetBT - ok
13:17:32.0171 2808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
13:17:32.0312 2808 NIC1394 - ok
13:17:32.0328 2808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
13:17:32.0453 2808 Npfs - ok
13:17:32.0468 2808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
13:17:32.0593 2808 Ntfs - ok
13:17:32.0640 2808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
13:17:32.0765 2808 Null - ok
13:17:32.0890 2808 nv (23b95a09677e62ec8d1641ecf39b9bfb) C:\windows\system32\DRIVERS\nv4_mini.sys
13:17:33.0093 2808 nv - ok
13:17:33.0109 2808 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\windows\system32\DRIVERS\nvata.sys
13:17:33.0125 2808 nvata - ok
13:17:33.0156 2808 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\windows\system32\DRIVERS\NVENETFD.sys
13:17:33.0187 2808 NVENETFD - ok
13:17:33.0203 2808 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\windows\system32\DRIVERS\nvnetbus.sys
13:17:33.0218 2808 nvnetbus - ok
13:17:33.0250 2808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
13:17:33.0375 2808 NwlnkFlt - ok
13:17:33.0390 2808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
13:17:33.0515 2808 NwlnkFwd - ok
13:17:33.0531 2808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
13:17:33.0656 2808 ohci1394 - ok
13:17:33.0796 2808 Par1284 (8e55251d83763ccca60fe26a811cfb0c) C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\Par1284.sys
13:17:33.0812 2808 Par1284 ( UnsignedFile.Multi.Generic ) - warning
13:17:33.0812 2808 Par1284 - detected UnsignedFile.Multi.Generic (1)
13:17:33.0828 2808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\drivers\Parport.sys
13:17:33.0968 2808 Parport - ok
13:17:33.0968 2808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
13:17:34.0093 2808 PartMgr - ok
13:17:34.0125 2808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
13:17:34.0250 2808 ParVdm - ok
13:17:34.0265 2808 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
13:17:34.0406 2808 PCI - ok
13:17:34.0421 2808 PCIDump - ok
13:17:34.0437 2808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
13:17:34.0546 2808 PCIIde - ok
13:17:34.0578 2808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys
13:17:34.0718 2808 Pcmcia - ok
13:17:34.0718 2808 PDCOMP - ok
13:17:34.0734 2808 PDFRAME - ok
13:17:34.0750 2808 PDRELI - ok
13:17:34.0750 2808 PDRFRAME - ok
13:17:34.0765 2808 perc2 - ok
13:17:34.0781 2808 perc2hib - ok
13:17:34.0828 2808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
13:17:34.0953 2808 PptpMiniport - ok
13:17:34.0968 2808 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\windows\system32\DRIVERS\processr.sys
13:17:35.0109 2808 Processor - ok
13:17:35.0125 2808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
13:17:35.0250 2808 PSched - ok
13:17:35.0265 2808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
13:17:35.0375 2808 Ptilink - ok
13:17:35.0390 2808 ql1080 - ok
13:17:35.0406 2808 Ql10wnt - ok
13:17:35.0406 2808 ql12160 - ok
13:17:35.0421 2808 ql1240 - ok
13:17:35.0437 2808 ql1280 - ok
13:17:35.0453 2808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
13:17:35.0593 2808 RasAcd - ok
13:17:35.0609 2808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
13:17:35.0734 2808 Rasl2tp - ok
13:17:35.0750 2808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
13:17:35.0859 2808 RasPppoe - ok
13:17:35.0875 2808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
13:17:36.0015 2808 Raspti - ok
13:17:36.0031 2808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
13:17:36.0171 2808 Rdbss - ok
13:17:36.0187 2808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
13:17:36.0312 2808 RDPCDD - ok
13:17:36.0359 2808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
13:17:36.0484 2808 rdpdr - ok
13:17:36.0531 2808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\windows\system32\drivers\RDPWD.sys
13:17:36.0562 2808 RDPWD - ok
13:17:36.0578 2808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
13:17:36.0687 2808 redbook - ok
13:17:36.0703 2808 RimUsb - ok
13:17:36.0750 2808 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
13:17:36.0765 2808 RimVSerPort - ok
13:17:36.0781 2808 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\windows\system32\Drivers\RootMdm.sys
13:17:36.0921 2808 ROOTMODEM - ok
13:17:37.0062 2808 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:17:37.0078 2808 SASDIFSV - ok
13:17:37.0109 2808 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:17:37.0125 2808 SASKUTIL - ok
13:17:37.0156 2808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
13:17:37.0234 2808 Secdrv - ok
13:17:37.0265 2808 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\windows\System32\Drivers\SENTINEL.SYS
13:17:37.0296 2808 Sentinel ( UnsignedFile.Multi.Generic ) - warning
13:17:37.0296 2808 Sentinel - detected UnsignedFile.Multi.Generic (1)
13:17:37.0328 2808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\drivers\Serial.sys
13:17:37.0484 2808 Serial - ok
13:17:37.0515 2808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
13:17:37.0640 2808 Sfloppy - ok
13:17:37.0656 2808 Simbad - ok
13:17:37.0671 2808 snapman (64bd4cf25e70a3291d85d927b6270b9c) C:\windows\system32\DRIVERS\snapman.sys
13:17:37.0703 2808 snapman ( UnsignedFile.Multi.Generic ) - warning
13:17:37.0703 2808 snapman - detected UnsignedFile.Multi.Generic (1)
13:17:37.0718 2808 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\windows\system32\DRIVERS\snman380.sys
13:17:37.0734 2808 snapman380 - ok
13:17:37.0750 2808 Sntnlusb (a1ff7d99b199cea1f3df371ba70d2780) C:\windows\system32\DRIVERS\SNTNLUSB.SYS
13:17:37.0765 2808 Sntnlusb - ok
13:17:37.0781 2808 Sparrow - ok
13:17:37.0828 2808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
13:17:37.0953 2808 splitter - ok
13:17:37.0968 2808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
13:17:38.0031 2808 sr - ok
13:17:38.0078 2808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
13:17:38.0109 2808 Srv - ok
13:17:38.0140 2808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
13:17:38.0250 2808 swenum - ok
13:17:38.0265 2808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
13:17:38.0390 2808 swmidi - ok
13:17:38.0406 2808 symc810 - ok
13:17:38.0421 2808 symc8xx - ok
13:17:38.0421 2808 sym_hi - ok
13:17:38.0437 2808 sym_u3 - ok
13:17:38.0453 2808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
13:17:38.0578 2808 sysaudio - ok
13:17:38.0609 2808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
13:17:38.0625 2808 Tcpip - ok
13:17:38.0671 2808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
13:17:38.0781 2808 TDPIPE - ok
13:17:38.0843 2808 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\windows\system32\DRIVERS\tdrpm174.sys
13:17:38.0890 2808 tdrpman174 - ok
13:17:38.0890 2808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
13:17:39.0031 2808 TDTCP - ok
13:17:39.0062 2808 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
13:17:39.0171 2808 TermDD - ok
13:17:39.0187 2808 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\windows\system32\DRIVERS\tifsfilt.sys
13:17:39.0203 2808 tifsfilter - ok
13:17:39.0218 2808 timounter (394fc70b88b7958fa85798bbc76d140a) C:\windows\system32\DRIVERS\timntr.sys
13:17:39.0250 2808 timounter - ok
13:17:39.0265 2808 TosIde - ok
13:17:39.0296 2808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
13:17:39.0421 2808 Udfs - ok
13:17:39.0437 2808 ultra - ok
13:17:39.0453 2808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
13:17:39.0578 2808 Update - ok
13:17:39.0609 2808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
13:17:39.0734 2808 usbccgp - ok
13:17:39.0796 2808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
13:17:39.0906 2808 usbehci - ok
13:17:39.0906 2808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
13:17:40.0046 2808 usbhub - ok
13:17:40.0062 2808 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys
13:17:40.0187 2808 usbohci - ok
13:17:40.0203 2808 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
13:17:40.0312 2808 usbprint - ok
13:17:40.0343 2808 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
13:17:40.0453 2808 usbscan - ok
13:17:40.0468 2808 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:17:40.0578 2808 usbstor - ok
13:17:40.0625 2808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
13:17:40.0734 2808 VgaSave - ok
13:17:40.0750 2808 ViaIde - ok
13:17:40.0796 2808 vNICdrv (eedef70f54e4bab9d7a8d79f3418b3f1) C:\windows\system32\DRIVERS\vNICdrv.sys
13:17:40.0812 2808 vNICdrv - ok
13:17:40.0843 2808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
13:17:40.0968 2808 VolSnap - ok
13:17:41.0015 2808 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\windows\system32\DRIVERS\wacmoumonitor.sys
13:17:41.0031 2808 wacmoumonitor - ok
13:17:41.0062 2808 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
13:17:41.0078 2808 wacommousefilter - ok
13:17:41.0109 2808 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\windows\system32\DRIVERS\wacomvhid.sys
13:17:41.0125 2808 wacomvhid - ok
13:17:41.0140 2808 WacomVKHid - ok
13:17:41.0156 2808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
13:17:41.0265 2808 Wanarp - ok
13:17:41.0281 2808 WDICA - ok
13:17:41.0296 2808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
13:17:41.0421 2808 wdmaud - ok
13:17:41.0468 2808 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
13:17:41.0578 2808 WS2IFSL - ok
13:17:41.0609 2808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
13:17:41.0656 2808 WudfPf - ok
13:17:41.0656 2808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
13:17:41.0671 2808 WudfRd - ok
13:17:41.0718 2808 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
13:17:41.0906 2808 \Device\Harddisk0\DR0 - ok
13:17:42.0375 2808 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
13:17:45.0234 2808 \Device\Harddisk1\DR1 - ok
13:17:45.0234 2808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
13:17:45.0312 2808 \Device\Harddisk2\DR4 - ok
13:17:45.0312 2808 Boot (0x1200) (ce3ef5679614a6b891695f03cf5d1b16) \Device\Harddisk0\DR0\Partition0
13:17:45.0312 2808 \Device\Harddisk0\DR0\Partition0 - ok
13:17:45.0343 2808 Boot (0x1200) (931d4de6ac51f5457423745d4072e878) \Device\Harddisk1\DR1\Partition0
13:17:45.0343 2808 \Device\Harddisk1\DR1\Partition0 - ok
13:17:45.0343 2808 Boot (0x1200) (22dfbbf02865ff70722f140661621c40) \Device\Harddisk2\DR4\Partition0
13:17:45.0343 2808 \Device\Harddisk2\DR4\Partition0 - ok
13:17:45.0343 2808 ============================================================
13:17:45.0343 2808 Scan finished
13:17:45.0343 2808 ============================================================
13:17:45.0359 2304 Detected object count: 6
13:17:45.0359 2304 Actual detected object count: 6
13:17:47.0265 2304 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0265 2304 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:47.0265 2304 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0265 2304 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:47.0265 2304 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0265 2304 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:47.0265 2304 Par1284 ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0265 2304 Par1284 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:47.0281 2304 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0281 2304 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:47.0281 2304 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:47.0281 2304 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:49.0656 1624 Deinitialize success


3.fss log
Farbar Service Scanner Version: 14-02-2012
Ran by User (administrator) on 17-02-2012 at 13:36:37
Running from "I:\MyDocuments\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) kl2(8) NetBT(5) PSched(7) Tcpip(3)
0x0A00000008000000040000000100000002000000030000000A00000005000000060000000700000009000000


**** End of log ****

4.otl log
OTL logfile created on: 2/17/2012 1:37:38 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = I:\MyDocuments\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.69% Memory free
4.83 Gb Paging File | 4.18 Gb Available in Paging File | 86.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 211.30 Gb Free Space | 45.37% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 221.51 Gb Free Space | 47.56% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 417.88 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
Drive S: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive T: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive U: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive V: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive W: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive X: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive Y: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive Z: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS

Computer Name: CHARLES | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 13:37:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\MyDocuments\Downloads\OTL.exe
PRC - [2012/02/17 13:35:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/12/27 09:45:29 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/05 19:14:36 | 000,207,360 | ---- | M] (Iomega Corp) -- C:\Program Files\Iomega Storage Manager\pCloudd.exe
PRC - [2011/08/05 19:12:34 | 002,158,160 | ---- | M] (EMC) -- C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2010/11/15 11:08:08 | 001,158,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/03/27 05:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009/12/09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2009/03/12 19:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/11/26 11:12:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlbtcoms.exe
PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2005/07/27 00:52:32 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 13:35:19 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/09 15:20:00 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/08/05 19:14:40 | 006,302,208 | ---- | M] () -- C:\Program Files\Iomega Storage Manager\wxmsw28u_vc_custom.dll
MOD - [2010/11/15 11:08:08 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2010/03/27 05:01:30 | 000,058,816 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\SPBasic.dll
MOD - [2010/03/27 05:00:08 | 000,070,592 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Alcid.dll
MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2009/10/15 02:01:44 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c59df94a\mscorlib.dll
MOD - [2009/10/15 02:01:41 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_72075e2d\system.drawing.dll
MOD - [2009/10/15 02:01:37 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_de931c86\system.xml.dll
MOD - [2009/10/15 02:01:33 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_60e8bf8e\system.windows.forms.dll
MOD - [2009/10/15 02:01:27 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ec2d9f48\system.dll
MOD - [2009/10/15 02:01:22 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/10/15 02:01:21 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2009/04/03 15:04:58 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/04/03 15:04:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/04/03 15:04:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/04/03 15:04:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/04/03 15:04:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/03/12 19:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2009/01/10 16:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2009/01/10 16:14:06 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2007/01/22 06:18:28 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\dlbtcfg.dll
MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
MOD - [2005/05/25 12:07:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\dlbtcnv4.dll
MOD - [2005/03/11 18:03:48 | 000,053,248 | ---- | M] () -- C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\DesignShell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 11)
SRV - [2012/02/09 15:20:00 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/12/27 09:45:29 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/05 19:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Program Files\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2011/04/24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/04/05 13:56:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/26 11:12:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/11/26 11:12:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTCC)
SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\windows\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - [2011/09/07 09:56:09 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/05 19:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vNICdrv.sys -- (vNICdrv)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/08 07:37:47 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2011/03/10 17:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/11/02 16:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/25 10:59:28 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/11/16 21:49:13 | 000,132,224 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/01 10:55:05 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/01 10:55:05 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/01 10:55:00 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/04/05 15:01:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/08/05 05:56:27 | 004,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 20:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 20:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/27 10:55:46 | 001,314,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/02 10:13:50 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\Par1284.sys -- (Par1284)
DRV - [2004/07/14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2002/12/16 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/16 05:41:10 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.28
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5872365e-67d1-4afd-9480-fd293bebd20d}:1.7.3
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011/10/06 11:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/10/06 11:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 13:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 09:13:46 | 000,000,000 | ---D | M]

[2009/11/16 22:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/02/10 15:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\extensions
[2010/01/05 14:20:44 | 000,000,000 | ---D | M] (Download Sort) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2010/07/27 09:03:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/09/06 08:23:34 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\extensions\plugin@yontoo.com
[2012/02/15 09:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 13:35:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/04/04 10:32:29 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2012/02/02 15:26:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 15:26:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ZoneAlarm Spy Blocker Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\
CHR - Extension: Anti-Banner = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/01/17 09:39:13 | 000,001,302 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DLBTCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004..\Run: [DIMDownloading your update...1270498514694] c:\Program Files\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe (Corel Corporation)
O4 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/01/18 10:34:10 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Storage Manager.lnk = C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe (EMC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\AutorunsDisabled [2012/01/18 10:34:13 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5577D1D3-8BB7-476E-9F5C-23649971FDDC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/10 07:58:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/03 15:04:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 14:09:20 | 000,000,000 | ---D | C] -- C:\SIGN DEPOT JOBS
[2012/02/13 13:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/13 13:31:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/02/13 13:31:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/02/13 13:31:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/02/13 13:26:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/02/13 13:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/13 13:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/13 13:06:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/13 12:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/13 12:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Revo Uninstaller
[2012/02/10 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\562354_4
[2012/02/10 14:46:35 | 001,976,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2012/02/10 10:00:11 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/02/09 16:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/02/09 16:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/02/09 16:44:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012/02/09 16:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/02/09 10:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\virus fixers
[2012/02/07 15:29:42 | 000,000,000 | ---D | C] -- I:\MyDocuments\lee apparel stuff
[2012/01/24 08:37:49 | 000,000,000 | ---D | C] -- I:\MyDocuments\y pics from randy camera card
[2007/06/07 00:50:16 | 000,386,544 | ---- | C] ( ) -- C:\windows\System32\dlbtih.exe
[2007/06/07 00:50:14 | 000,538,096 | ---- | C] ( ) -- C:\windows\System32\dlbtcoms.exe
[2007/06/07 00:50:12 | 000,382,448 | ---- | C] ( ) -- C:\windows\System32\dlbtcfg.exe
[2007/01/30 13:47:52 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\dlbtpmui.dll
[2007/01/30 13:46:00 | 001,224,704 | ---- | C] ( ) -- C:\windows\System32\dlbtserv.dll
[2007/01/30 13:38:18 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\dlbtcomm.dll
[2007/01/30 13:36:30 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\dlbtlmpm.dll
[2007/01/30 13:35:00 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\dlbtiesc.dll
[2007/01/30 13:32:06 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\dlbtpplc.dll
[2007/01/30 13:31:08 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\dlbtcomc.dll
[2007/01/30 13:30:30 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\dlbtprox.dll
[2007/01/30 13:22:32 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\dlbtinpa.dll
[2007/01/30 13:21:46 | 000,995,328 | ---- | C] ( ) -- C:\windows\System32\dlbtusb1.dll
[2007/01/30 13:17:02 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\dlbthbn3.dll
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\windows\System32\drvc.dll
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 001,724,938 | ---- | M] () -- I:\MyDocuments\scroll.ai
[2049/12/31 16:00:00 | 001,511,941 | ---- | M] () -- I:\MyDocuments\creation.ai
[2049/12/31 16:00:00 | 001,301,278 | ---- | M] () -- I:\MyDocuments\scroll2.ai
[2012/02/17 13:30:15 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/17 10:32:28 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 08:29:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/02/17 03:03:00 | 000,000,710 | ---- | M] () -- C:\windows\tasks\testrun.job
[2012/02/17 01:00:00 | 000,000,438 | ---- | M] () -- C:\windows\tasks\SyncBack sign source NAS.job
[2012/02/16 22:00:00 | 000,000,456 | ---- | M] () -- C:\windows\tasks\SyncBack lee apparel screen print.job
[2012/02/16 15:05:04 | 885,992,036 | ---- | M] () -- I:\MyDocuments\kelley jaye boat wrap final.psd
[2012/02/16 11:22:57 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\User\Desktop\clipbrd.exe.lnk
[2012/02/16 08:09:48 | 005,202,392 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/16 03:01:16 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2012/02/15 15:45:52 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/02/15 09:56:30 | 000,013,395 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DOGG.eps
[2012/02/15 09:14:01 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/02/13 14:09:02 | 000,303,580 | ---- | M] () -- C:\windows\FontData.fdb
[2012/02/13 13:49:34 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/02/13 13:29:11 | 000,153,978 | ---- | M] () -- I:\MyDocuments\cc_20120213_132858.reg
[2012/02/13 13:21:56 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/13 12:53:48 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2012/02/13 12:51:34 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 14:31:06 | 000,177,792 | ---- | M] () -- C:\Documents and Settings\User\Desktop\562354_4.zip
[2012/02/01 18:26:11 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 18:26:11 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cabbce3e4661dc.job
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/16 11:22:30 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\User\Desktop\clipbrd.exe.lnk
[2012/02/16 09:37:27 | 885,992,036 | ---- | C] () -- I:\MyDocuments\kelley jaye boat wrap final.psd
[2012/02/16 08:31:25 | 000,911,263 | ---- | C] () -- I:\MyDocuments\lightning hires2.jpg
[2012/02/16 08:31:08 | 001,666,234 | ---- | C] () -- I:\MyDocuments\lightning2.eps
[2012/02/16 08:30:31 | 001,398,575 | ---- | C] () -- I:\MyDocuments\lightning hires.jpg
[2012/02/16 08:30:12 | 000,797,938 | ---- | C] () -- I:\MyDocuments\lightning1.eps
[2012/02/16 03:00:37 | 000,001,374 | ---- | C] () -- C:\windows\imsins.BAK
[2012/02/15 23:29:53 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012/02/15 23:29:53 | 000,003,072 | ---- | C] () -- C:\windows\System32\dllcache\iacenc.dll
[2012/02/15 09:56:30 | 000,013,395 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DOGG.eps
[2012/02/13 13:49:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/13 13:49:34 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/02/13 13:29:03 | 000,153,978 | ---- | C] () -- I:\MyDocuments\cc_20120213_132858.reg
[2012/02/13 13:21:56 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/13 12:53:48 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2012/02/10 14:46:55 | 000,177,792 | ---- | C] () -- C:\Documents and Settings\User\Desktop\562354_4.zip
[2012/02/09 16:44:27 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/02/09 16:44:27 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/02/09 16:44:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/02/09 16:44:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/02/09 16:44:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/09 10:28:33 | 006,580,081 | ---- | C] () -- C:\Documents and Settings\User\Desktop\virus fixers.rar
[2011/10/17 07:33:30 | 006,575,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/07 10:02:40 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\WebpageIcons.db
[2011/09/07 09:58:18 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011/09/07 09:58:18 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011/09/06 19:54:39 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\pspc.sys
[2011/09/06 15:15:13 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\wpvj.sys
[2011/09/06 11:43:57 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\hrvooc.sys
[2011/09/06 11:32:49 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\qyfird.sys
[2011/09/06 10:46:10 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bqiae.sys
[2011/09/06 10:10:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\qkcjnip.sys
[2011/09/06 08:25:38 | 000,000,120 | ---- | C] () -- C:\windows\Ncisipataxuhiju.dat
[2011/09/06 08:25:38 | 000,000,000 | ---- | C] () -- C:\windows\Pbameqijolozi.bin
[2011/05/18 13:37:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/04/20 13:54:37 | 000,034,308 | ---- | C] () -- C:\windows\System32\BASSMOD.dll
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat
[2011/03/04 10:46:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2011/02/28 08:29:29 | 000,000,028 | ---- | C] () -- C:\windows\xante.ini
[2010/10/23 02:03:50 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/08/31 08:22:06 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2009/12/10 17:14:29 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\33A741AA03.sys
[2009/11/16 23:36:29 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\SYSREF87.BIN
[2009/11/16 21:04:59 | 000,132,224 | ---- | C] () -- C:\windows\System32\drivers\snapman.sys
[2009/11/16 16:12:54 | 000,008,476 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/11/16 01:43:35 | 000,000,253 | ---- | C] () -- C:\windows\WININIT.INI
[2009/11/14 21:54:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/11/14 21:40:55 | 000,516,096 | ---- | C] () -- C:\windows\System32\ati2sgag.exe
[2009/11/14 21:39:26 | 000,104,361 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/08 10:09:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ABC989BB16.sys
[2009/08/08 10:09:10 | 000,008,456 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/05/24 13:49:06 | 000,000,000 | ---- | C] () -- C:\windows\System32\RBuilder.ini
[2009/05/24 12:40:26 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2009/04/05 15:01:58 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys
[2009/04/05 15:01:52 | 000,011,111 | ---- | C] () -- C:\windows\System32\DELTREE.EXE
[2009/04/04 10:35:07 | 000,000,008 | ---- | C] () -- C:\windows\System32\nvModes.dat
[2009/04/04 10:30:36 | 000,004,212 | ---- | C] () -- C:\windows\System32\zllictbl.dat
[2009/04/04 10:30:25 | 000,796,048 | ---- | C] () -- C:\windows\System32\libeay32_0.9.6l.dll
[2009/04/04 10:13:26 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 15:09:06 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/04/03 15:06:01 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/04/03 15:02:01 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/04/03 08:56:50 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/04/03 08:55:51 | 005,202,392 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/03/27 10:03:00 | 001,724,416 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2009/03/27 10:03:00 | 001,657,376 | ---- | C] () -- C:\windows\System32\nwiz.exe
[2009/03/27 10:03:00 | 001,503,232 | ---- | C] () -- C:\windows\System32\nview.dll
[2009/03/27 10:03:00 | 001,346,080 | ---- | C] () -- C:\windows\System32\nvdspsch.exe
[2009/03/27 10:03:00 | 001,101,824 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2009/03/27 10:03:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2009/03/27 10:03:00 | 000,449,056 | ---- | C] () -- C:\windows\System32\nvappbar.exe
[2009/03/27 10:03:00 | 000,436,768 | ---- | C] () -- C:\windows\System32\keystone.exe
[2009/02/22 11:57:52 | 004,421,889 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2009/02/18 07:57:22 | 000,557,451 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2009/02/16 11:19:42 | 000,790,190 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/02/16 10:32:20 | 000,425,040 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2009/02/16 10:30:30 | 000,903,703 | ---- | C] () -- C:\windows\System32\ff_x264.dll
[2009/02/16 10:23:50 | 000,145,081 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2009/02/16 08:49:30 | 000,328,334 | ---- | C] () -- C:\windows\System32\ff_kernelDeint.dll
[2009/02/14 09:15:42 | 000,486,400 | ---- | C] () -- C:\windows\System32\ff_libfaad2.dll
[2009/02/09 16:28:18 | 000,098,304 | ---- | C] () -- C:\windows\System32\ff_wmv9.dll
[2009/02/09 14:19:18 | 000,183,296 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll
[2009/02/09 14:19:12 | 000,178,688 | ---- | C] () -- C:\windows\System32\ff_libmad.dll
[2009/02/09 14:18:52 | 000,113,152 | ---- | C] () -- C:\windows\System32\ff_unrar.dll
[2009/02/09 14:18:32 | 000,146,944 | ---- | C] () -- C:\windows\System32\ff_tremor.dll
[2009/02/09 14:18:24 | 000,257,024 | ---- | C] () -- C:\windows\System32\ff_libdts.dll
[2009/02/09 14:18:20 | 000,142,848 | ---- | C] () -- C:\windows\System32\ff_liba52.dll
[2009/02/09 13:56:22 | 000,067,584 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/01/10 16:17:32 | 000,163,840 | ---- | C] () -- C:\windows\System32\ts.dll
[2009/01/10 16:16:56 | 000,148,480 | ---- | C] () -- C:\windows\System32\mkx.dll
[2009/01/10 16:16:50 | 000,108,032 | ---- | C] () -- C:\windows\System32\avi.dll
[2009/01/10 16:16:14 | 000,141,312 | ---- | C] () -- C:\windows\System32\mp4.dll
[2009/01/10 16:16:04 | 000,335,872 | ---- | C] () -- C:\windows\System32\gdsmux.exe
[2009/01/10 16:15:54 | 000,120,832 | ---- | C] () -- C:\windows\System32\ogm.dll
[2009/01/10 16:15:44 | 000,159,744 | ---- | C] () -- C:\windows\System32\mmfinfo.dll
[2009/01/10 16:15:36 | 000,103,424 | ---- | C] () -- C:\windows\System32\dsmux.exe
[2009/01/10 16:15:32 | 000,102,400 | ---- | C] () -- C:\windows\System32\avss.dll
[2009/01/10 16:15:28 | 000,246,784 | ---- | C] () -- C:\windows\System32\dxr.dll
[2009/01/10 16:15:12 | 000,097,280 | ---- | C] () -- C:\windows\System32\avs.dll
[2009/01/10 16:15:06 | 000,135,168 | ---- | C] () -- C:\windows\System32\mkv2vfr.exe
[2009/01/10 16:14:08 | 000,079,360 | ---- | C] () -- C:\windows\System32\mkzlib.dll
[2009/01/10 16:14:06 | 000,023,552 | ---- | C] () -- C:\windows\System32\mkunicode.dll
[2008/12/17 11:17:34 | 000,239,247 | ---- | C] () -- C:\windows\System32\ff_theora.dll
[2008/12/03 16:11:50 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/08/04 05:56:27 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2008/08/04 05:56:27 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2008/07/09 02:05:24 | 000,020,480 | ---- | C] () -- C:\windows\System32\ac3config.exe
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/04/14 06:41:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\grcauth2.dll
[2008/04/14 06:41:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\grcauth1.dll
[2008/04/14 06:41:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth2.dll
[2008/04/14 06:41:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth1.dll
[2008/04/14 06:41:58 | 000,001,024 | ---- | C] () -- C:\windows\System32\cbgx58c.dll
[2007/10/13 03:30:20 | 000,000,137 | ---- | C] () -- C:\windows\System32\Registration.ini
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2007/02/19 06:20:28 | 000,106,496 | ---- | C] () -- C:\windows\System32\dlbtinsr.dll
[2007/02/19 06:20:24 | 000,036,864 | ---- | C] () -- C:\windows\System32\dlbtcur.dll
[2007/02/19 06:20:02 | 000,135,168 | ---- | C] () -- C:\windows\System32\dlbtjswr.dll
[2007/02/19 06:17:06 | 000,176,128 | ---- | C] () -- C:\windows\System32\dlbtinsb.dll
[2007/02/19 06:17:00 | 000,086,016 | ---- | C] () -- C:\windows\System32\dlbtcub.dll
[2007/02/19 06:16:52 | 000,073,728 | ---- | C] () -- C:\windows\System32\dlbtcu.dll
[2007/02/19 06:16:48 | 000,159,744 | ---- | C] () -- C:\windows\System32\dlbtins.dll
[2007/02/19 06:15:34 | 000,434,176 | ---- | C] () -- C:\windows\System32\dlbtutil.dll
[2007/02/07 16:57:16 | 000,344,064 | ---- | C] () -- C:\windows\System32\dlbtcoin.dll
[2007/01/22 06:18:28 | 000,069,632 | ---- | C] () -- C:\windows\System32\dlbtcfg.dll
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/11/02 10:10:16 | 000,080,912 | ---- | C] () -- C:\windows\System32\sherlock2.exe
[2005/08/18 09:26:46 | 000,040,960 | ---- | C] () -- C:\windows\System32\dlbtvs.dll
[2005/05/25 12:07:26 | 000,061,440 | ---- | C] () -- C:\windows\System32\dlbtcnv4.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\windows\System32\ff_mpeg2enc.dll
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2004/08/04 06:00:00 | 000,441,124 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2004/08/04 06:00:00 | 000,071,060 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,463 | ---- | C] () -- C:\windows\System32\oembios.dat
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\windows\System32\unicows.dll

< End of report >


Extras log

OTL Extras logfile created on: 2/17/2012 1:37:38 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = I:\MyDocuments\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.69% Memory free
4.83 Gb Paging File | 4.18 Gb Available in Paging File | 86.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 211.30 Gb Free Space | 45.37% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 221.51 Gb Free Space | 47.56% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 417.88 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
Drive S: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive T: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive U: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive V: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive W: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive X: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive Y: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive Z: | 1842.86 Gb Total Space | 1537.22 Gb Free Space | 83.41% Space Free | Partition Type: NTFS

Computer Name: CHARLES | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"13456:TCP" = 13456:TCP:*:Enabled:spport
"5537:TCP" = 5537:TCP:*:Enabled:spport
"1066:TCP" = 1066:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe:*:Enabled:CarboniteUI.exe -- (Carbonite, Inc.)
"C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe" = C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe:*:Enabled:CarboniteService.exe -- (Carbonite, Inc. (www.carbonite.com))
"C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe" = C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe:*:Enabled:CarboniteSetup.exe -- (Carbonite, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dlbtcoms.exe" = C:\WINDOWS\system32\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server -- ( )
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe" = C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe:*:Enabled:Iomega Storage Manager 1.1.0.35983 -- (EMC)
"C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App.exe" = C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App.exe:*:Enabled:Design Software -- (Scanvec Amiable)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App2.exe" = C:\Program Files\FlexiSIGN-PRO 7.6v2\Program\App2.exe:*:Enabled:Production -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"_{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel Painter Sketch Pad
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00D6C191-50A2-4D9C-9285-1817D8420FB6}" = IPM
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}" = Xara 3D Maker 7
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3546340D-0D9B-4719-AA0B-906FB48FEBF9}" = ATI Catalyst Control Center
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43983EB4-43DC-4C3D-9712-1EF592A31CA8}" = OpenOffice.org 2.1
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1" = Aurora 3D Text & Logo Maker version 11.10.28
"{4F6B6582-B9F6-48B2-ABFC-48F097D07837}_is1" = Aurora 3D Presentation 2011 version 11.12.05
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5BD093B2-58E6-467D-99E4-E88A5FFC412C}" = Painter Sketch Pad
"{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{72F6D9F1-98C4-473F-A540-ECDCEB6D3D76}" = Registration
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D983BA-8DC4-4A6C-B79B-3E556B18A38D}" = FlexiSIGN-PRO 8.1v1
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E31AC44E-2171-4BDF-AB11-B73FA70B7560}" = Adobe Setup
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7562F88-BDCC-44D3-9C6B-313FC43052B7}" = IconHandler 32 bit
"{E8815668-95B0-443D-AC92-2BFD7DD8F16A}" = Adobe Flash Catalyst CS5
"{E8A23C59-0C28-4ADD-A29B-E2DEC3D72D81}" = Adobe Dreamweaver CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel SketchPad - ICA
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8236DB8-CF1E-476B-A718-0ADBDBD97863}" = Autodesk SketchBookPro 2010
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Genuine Fractals 6.0 Professional Edition
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_b3cfa559ce37a120d439ea67f79a7a9" = Adobe Dreamweaver CS3
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"AMP Font Viewer" = AMP Font Viewer
"ATI Display Driver" = ATI Display Driver
"AVIcodec" = AVIcodec (remove only)
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Blow Up 2" = Alien Skin Blow Up 2
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.3.0
"eMule" = eMule
"EnRoute 3" = EnRoute 3
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"Eye Candy 6" = Alien Skin Eye Candy 6
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FileZilla Client" = FileZilla Client 3.5.3
"FlexiSIGN-PRO 7.6v2" = FlexiSIGN-PRO 7.6v2
"Free Window Registry Repair" = Free Window Registry Repair
"GOM Player" = GOM Player
"huey_is1" = hueyPRO 1.5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Iomega Storage Manager" = Iomega Storage Manager
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MAGIX_MSI_Xara3D7" = Xara 3D Maker 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MWSnap 3" = MWSnap 3
"NVIDIA Drivers" = NVIDIA Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"RegInOut System Utilities3.0.0.2000" = RegInOut System Utilities
"Revo Uninstaller" = Revo Uninstaller 1.93
"SeparationStudio" = Separation Studio 03.00.015 - Freehand Graphics
"SiteGrinder3" = Media Lab SiteGrinder 3
"Snap Art" = Alien Skin Snap Art
"SyncBack_is1" = SyncBack
"Vector Magic" = Vector Magic
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR archiver
"Xenofex2" = Alien Skin Xenofex 2
"Xls-Xlsx to Pdf Converter 3000_is1" = Xls-Xlsx to Pdf Converter 3000 7.4
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2012 5:01:03 AM | Computer Name = CHARLES | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/17/2012 10:29:17 AM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/17/2012 10:29:17 AM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/17/2012 10:29:50 AM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/17/2012 3:15:24 PM | Computer Name = CHARLES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/17/2012 3:15:24 PM | Computer Name = CHARLES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/17/2012 3:26:13 PM | Computer Name = CHARLES | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module
adobeowl.dll, version 3.0.91.0, fault address 0x000c4564.

Error - 2/17/2012 3:31:58 PM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/17/2012 3:31:59 PM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 2/17/2012 3:32:30 PM | Computer Name = CHARLES | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 1/29/2012 5:00:40 AM | Computer Name = CHARLES | Source = Windows Update Agent | ID = 20
Description =

Error - 1/29/2012 5:00:40 AM | Computer Name = CHARLES | Source = Windows Update Agent | ID = 20
Description =

Error - 1/29/2012 5:00:42 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/29/2012 5:00:42 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/29/2012 5:00:44 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/29/2012 5:00:44 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/29/2012 5:00:47 AM | Computer Name = CHARLES | Source = Windows Update Agent | ID = 20
Description =

Error - 1/29/2012 5:00:47 AM | Computer Name = CHARLES | Source = Windows Update Agent | ID = 20
Description =

Error - 1/29/2012 5:00:48 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/29/2012 5:00:48 AM | Computer Name = CHARLES | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


5. Computer is running OK. It is still doing some weird things, like my preferences in Adobe Illustrator seem to have changed and recent docs in Adobe don't show. But all that could be from me running ComboFix and Kaspersky Rescue Disk to try to fix the rootkit? I will post the ComboFix log from the other day in the next post if you want me to?

#4 SweetTech (Agent ST)

Posted 18 February 2012 - 02:26 AM

Hi krustus!

Not a problem! I'm glad to be able to lend a hand! :)

i will post the combofix log from the other day in the next post if you want me too?

Yes, please post that log file for me to review. It can be located in your C:\ drive.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and paste the following script into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    [2011/09/06 19:54:39 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\pspc.sys
    [2011/09/06 15:15:13 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\wpvj.sys
    [2011/09/06 11:43:57 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\hrvooc.sys
    [2011/09/06 11:32:49 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\qyfird.sys
    [2011/09/06 10:46:10 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bqiae.sys
    [2011/09/06 10:10:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\qkcjnip.sys
    [2011/09/06 08:25:38 | 000,000,120 | ---- | C] () -- C:\windows\Ncisipataxuhiju.dat
    [2011/09/06 08:25:38 | 000,000,000 | ---- | C] () -- C:\windows\Pbameqijolozi.bin
    [2009/12/10 17:14:29 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\33A741AA03.sys
    
    :Reg
    
    :Files
    dir /s /a "C:\Documents and Settings\User\Desktop\562354_4" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 krustus (Topic Starter)

Posted 18 February 2012 - 04:55 PM

This infection is on my work computer. It will be Monday before I can apply the OTL fix and also post the ComboFix log. I hope that is OK? Please stick with me.

#6 SweetTech (Agent ST)

Posted 19 February 2012 - 06:15 AM

Okay, not a problem. Thanks for letting me know.



#7 krustus

krustus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 20 February 2012 - 12:03 PM

OTL log after the custom fix.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
127.0.0.1 activate.adobe.com removed from HOSTS file successfully
127.0.0.1 ereg.adobe.com removed from HOSTS file successfully
127.0.0.1 activate.wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sea.adobe.com removed from HOSTS file successfully
127.0.0.1 wwis-dubc1-vip60.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sjc0.adobe.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
C:\WINDOWS\system32\drivers\pspc.sys moved successfully.
C:\WINDOWS\system32\drivers\wpvj.sys moved successfully.
C:\WINDOWS\system32\drivers\hrvooc.sys moved successfully.
C:\WINDOWS\system32\drivers\qyfird.sys moved successfully.
C:\WINDOWS\system32\drivers\bqiae.sys moved successfully.
C:\WINDOWS\system32\drivers\qkcjnip.sys moved successfully.
C:\WINDOWS\Ncisipataxuhiju.dat moved successfully.
C:\WINDOWS\Pbameqijolozi.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\33A741AA03.sys moved successfully.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Documents and Settings\User\Desktop\562354_4" /c >
Volume in drive C is DRV5_VOL1
Volume Serial Number is 5CD6-8234
Directory of C:\Documents and Settings\User\Desktop\562354_4
02/15/2012 09:10 AM <DIR> .
02/15/2012 09:10 AM <DIR> ..
12/22/2011 04:43 PM 476,224 RootkitRemover.exe
02/10/2012 03:01 PM 240 RootkitRemover20120210150117.txt
02/10/2012 03:50 PM 240 RootkitRemover20120210155053.txt
02/15/2012 09:10 AM 240 RootkitRemover20120215091050.txt
4 File(s) 476,944 bytes
Total Files Listed:
4 File(s) 476,944 bytes
2 Dir(s) 226,226,094,080 bytes free
I:\MyDocuments\Downloads\cmd.bat deleted successfully.
I:\MyDocuments\Downloads\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\windows\system32\drivers\etc\hosts
I:\MyDocuments\Downloads\cmd.bat deleted successfully.
I:\MyDocuments\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
I:\MyDocuments\Downloads\cmd.bat deleted successfully.
I:\MyDocuments\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: glus backup

User: gplus

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 937 bytes
->Flash cache emptied: 32489 bytes

User: sg_cms

User: sg_home_media

User: sg_jscripts

User: spurlin static

User: User
->Temp folder emptied: 117950339 bytes
->Temporary Internet Files folder emptied: 654157 bytes
->Java cache emptied: 151117 bytes
->FireFox cache emptied: 226625432 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1973749 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 368480 bytes
Windows Temp folder emptied: 525879 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1939014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3893740007 bytes

Total Files Cleaned = 4,048.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: glus backup

User: gplus

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: sg_cms

User: sg_home_media

User: sg_jscripts

User: spurlin static

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: glus backup

User: gplus

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: sg_cms

User: sg_home_media

User: sg_jscripts

User: spurlin static

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.32.0 log created on 02202012_105636

Files\Folders moved on Reboot...
C:\windows\temp\Perflib_Perfdata_598.dat moved successfully.
File\Folder C:\windows\temp\Perflib_Perfdata_710.dat not found!

Registry entries deleted on Reboot...

#8 krustus

krustus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 20 February 2012 - 12:04 PM

This is the ComboFix log from about a week ago.

ComboFix 12-02-12.01 - User 02/13/2012 9:30.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -6:00]
Running from: E:\randomname.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-10 16:00 . 2012-02-13 08:16 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-01-18 14:33 . 2012-01-18 14:33 -------- d-----w- C:\found.000
2012-01-17 21:39 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-09-08 17:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 08:00 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:42 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:42 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 21:26 . 2011-08-17 13:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
"Akamai NetSession Interface"="c:\documents and settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"DIMDownloading your update...1270498514694"="c:\program files\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe" [2010-05-21 95592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16010752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-07-27 57344]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-7-27 57344]
Iomega Storage Manager.lnk - c:\program files\Iomega Storage Manager\IomegaStorageManager.exe [2011-8-5 2158160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-3 1081344]
Register Mask Pro 3.0.lnk - c:\program files\onOne Software\Mask Pro 4.1\<FILE_REGISTRATION_APP> [N/A]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-11-13 13:53 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteService.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteSetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Iomega Storage Manager\\IomegaStorageManager.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"13456:TCP"= 13456:TCP:spport
"5537:TCP"= 5537:TCP:spport
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/6/2011 2:33 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [3/15/2011 11:41 AM 57344]
R2 PCloudd;PCloudd;c:\program files\Iomega Storage Manager\pCloudd.exe [8/5/2011 7:14 PM 207360]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [3/10/2011 3:05 PM 4807536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
S0 cojug;cojug;c:\windows\system32\drivers\jxvwxy.sys --> c:\windows\system32\drivers\jxvwxy.sys [?]
S2 ASTSRV;AST HighEnd Service;c:\windows\system32\ASTSRV.EXE [9/13/2011 2:44 PM 57344]
S2 gupdate1c9ba04b89fa2f8;Google Update Service (gupdate1c9ba04b89fa2f8);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 11:47 AM 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\i:\everest ultimate edition v 3[1].50 working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt --> i:\everest ultimate edition v 3[1].50 working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 11:47 AM 133104]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [8/5/2011 7:14 PM 17488]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [4/4/2009 10:40 AM 10752]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
itnetsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-USER-ADA8BAFC4E-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2003-01-17 09:44]
.
2009-04-06 c:\windows\Tasks\fre.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:42]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cabbce3e4661dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:47]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:47]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1767777339-1801674531-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-22 16:14]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1767777339-1801674531-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-22 16:14]
.
2012-01-18 c:\windows\Tasks\RegInOut Scheduled Scan - User.job
- c:\program files\RegInOut\RegInOut.exe [2011-03-12 19:13]
.
2012-02-09 c:\windows\Tasks\SyncBack lee apparel screen print.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-04-07 17:00]
.
2012-02-09 c:\windows\Tasks\SyncBack sign source NAS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-04-07 17:00]
.
2012-02-09 c:\windows\Tasks\testrun.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 09:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="\??\I:\EVEREST Ultimate Edition v 3
[1].50 Working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt"
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\EverestDriver]
"ImagePath"="\??\I:\EVEREST Ultimate Edition v 3
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-02-13 09:45:56
ComboFix-quarantined-files.txt 2012-02-13 15:45
ComboFix2.txt 2012-02-13 15:18
ComboFix3.txt 2012-02-13 14:56
ComboFix4.txt 2012-01-17 22:04
ComboFix5.txt 2012-02-13 15:20
.
Pre-Run: 391,195,508,736 bytes free
Post-Run: 391,186,051,072 bytes free
.
- - End Of File - - 62A044FA8D064320E155F34E53D51AFB
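The service listing in the ComboFix log above (the R*/S* lines, including the S0 entry whose file ComboFix marks with [?]) and the OTL fix results in post #7 both follow a fixed line format. The following Python is an added example, not part of the thread or of either tool: it parses both formats, lists fix entries the OTL log never confirmed as moved, and flags boot-start services whose image file ComboFix reported missing. The sample lines are copied from the logs in this thread; the regular expressions, function names and the Service record are my own assumptions about the formats.

```python
import re
from dataclasses import dataclass

# OTL reports each :OTL/:Files entry as "<path> moved successfully." or, when it
# could not find the entry, "File\Folder <path> not found!".
OTL_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
OTL_NOT_FOUND = re.compile(r"^File\\Folder (?P<path>[A-Za-z]:\\.+?) not found!$")


def otl_fix_results(log_lines):
    """Split an OTL fix log into (moved, not_found) path lists."""
    moved, not_found = [], []
    for raw in log_lines:
        line = raw.strip()
        m = OTL_MOVED.match(line)
        if m:
            moved.append(m.group("path"))
            continue
        m = OTL_NOT_FOUND.match(line)
        if m:
            not_found.append(m.group("path"))
    return moved, not_found


def unresolved_fix_entries(fix_paths, log_lines):
    """Paths from the fix script that the log never confirms as moved.
    Windows paths are case-insensitive (the fix says System32, OTL echoes
    system32), so compare lower-cased."""
    moved_ci = {p.lower() for p in otl_fix_results(log_lines)[0]}
    return [p for p in fix_paths if p.lower() not in moved_ci]


# ComboFix service lines: "<R|S><start type> <name>;<display>;<image> [<date> <size>]".
# If the image file is absent it appends " --> <image> [?]"; if no image path is
# recorded at all it prints " [x]".
CF_SERVICE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TRAILING_TAG = re.compile(r"\s*\[[^\]]*\]$")


@dataclass
class Service:
    state: str          # e.g. "S0" = stopped, boot start; "R1" = running, system start
    name: str
    display: str
    image: str
    file_missing: bool  # ComboFix printed "[?]"
    no_image: bool      # ComboFix printed "[x]"


def combofix_services(log_lines):
    """Parse every service/driver line of a ComboFix log into Service records."""
    services = []
    for raw in log_lines:
        m = CF_SERVICE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        file_missing, no_image = rest.endswith("[?]"), rest.endswith("[x]")
        # "[?]" lines repeat the path after "-->"; keep the left-hand copy, drop the tag.
        image = "" if no_image else TRAILING_TAG.sub("", rest.split(" --> ")[0].strip())
        services.append(Service(m.group("state"), m.group("name"), m.group("display"),
                                image, file_missing, no_image))
    return services


def boot_start_services_missing_file(services):
    """Start-type 0/1 (boot or system start) entries whose driver file is gone.
    A kernel driver registered to load at boot with no file on disk is a
    leftover worth reviewing before a thread is closed."""
    return [s for s in services if s.state[1] in "01" and s.file_missing]


# Sample lines copied from the logs in this thread (constructed subset).
SAMPLE_FIX_PATHS = [
    r"C:\windows\System32\drivers\hrvooc.sys",
    r"C:\windows\Pbameqijolozi.bin",
    r"C:\windows\Ncisipataxuhiju.dat",
]
SAMPLE_OTL_LOG = [
    r"C:\WINDOWS\system32\drivers\hrvooc.sys moved successfully.",
    r"C:\WINDOWS\Pbameqijolozi.bin moved successfully.",
    r"File\Folder C:\windows\temp\Perflib_Perfdata_710.dat not found!",
]
SAMPLE_COMBOFIX = [
    r"R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]",
    r"R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]",
    r"S0 cojug;cojug;c:\windows\system32\drivers\jxvwxy.sys --> c:\windows\system32\drivers\jxvwxy.sys [?]",
    r"S3 MFE_RR;MFE_RR;\??\c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys [?]",
    r"S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]",
]

if __name__ == "__main__":
    print("fix entries not confirmed moved:", unresolved_fix_entries(SAMPLE_FIX_PATHS, SAMPLE_OTL_LOG))
    for s in boot_start_services_missing_file(combofix_services(SAMPLE_COMBOFIX)):
        print(f"review: {s.state} {s.name} -> {s.image} (file missing)")
```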

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:09 PM

Posted 21 February 2012 - 02:18 AM

Hi!

Thanks for posting both of those log files for me to review.

I'd like to have you run a new scan with ComboFix. If it prompts you to update, please allow it to do so.

Post that log file for me to review, and then we'll see where we stand there.

Be sure to provide me with an update on the status of your computer in your next reply.

Kindest Regards,
ST.



#10 krustus

krustus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 February 2012 - 05:25 PM

Computer has been running pretty decent... been using it all day. That is why I just now ran ComboFix.

Here is the last ComboFix log. When I ran it I got the rootkit activity detected message.

ComboFix 12-02-21.02 - User 02/21/2012 16:07:51.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2501 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-16 05:29 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 05:29 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-13 20:09 . 2012-02-13 20:53 -------- d-----w- C:\SIGN DEPOT JOBS
2012-02-13 19:31 . 2012-02-13 19:31 -------- d-----w- c:\program files\Common Files\Java
2012-02-13 19:21 . 2012-02-13 19:21 -------- d-----w- c:\program files\CCleaner
2012-02-13 18:53 . 2012-02-13 18:53 -------- d-----w- c:\program files\VS Revo Group
2012-02-10 16:00 . 2012-02-13 08:16 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:29 . 2011-05-20 16:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-07-25 02:12 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-07-25 02:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-07-25 02:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-07-25 02:11 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 21:24 . 2011-09-08 17:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-02-17 19:35 . 2011-08-17 13:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
"Akamai NetSession Interface"="c:\documents and settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"DIMDownloading your update...1270498514694"="c:\program files\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe" [2010-05-21 95592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-05 16010752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-07-27 57344]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-7-27 57344]
Iomega Storage Manager.lnk - c:\program files\Iomega Storage Manager\IomegaStorageManager.exe [2011-8-5 2158160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2009-4-3 1081344]
Register Mask Pro 3.0.lnk - c:\program files\onOne Software\Mask Pro 4.1\<FILE_REGISTRATION_APP> [N/A]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-11-13 13:53 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteService.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteSetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Iomega Storage Manager\\IomegaStorageManager.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"13456:TCP"= 13456:TCP:spport
"5537:TCP"= 5537:TCP:spport
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 12:23 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/6/2011 2:33 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [3/15/2011 11:41 AM 57344]
R2 PCloudd;PCloudd;c:\program files\Iomega Storage Manager\pCloudd.exe [8/5/2011 7:14 PM 207360]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [3/10/2011 3:05 PM 4807536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 5:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
S0 cojug;cojug;c:\windows\system32\drivers\jxvwxy.sys --> c:\windows\system32\drivers\jxvwxy.sys [?]
S2 ASTSRV;AST HighEnd Service;c:\windows\system32\ASTSRV.EXE [9/13/2011 2:44 PM 57344]
S2 gupdate1c9ba04b89fa2f8;Google Update Service (gupdate1c9ba04b89fa2f8);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 11:47 AM 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\i:\everest ultimate edition v 3[1].50 working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt --> i:\everest ultimate edition v 3[1].50 working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 11:47 AM 133104]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\User\LOCALS~1\Temp\mfe_rr.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [8/5/2011 7:14 PM 17488]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [4/4/2009 10:40 AM 10752]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
itnetsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-USER-ADA8BAFC4E-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2003-01-17 09:44]
.
2009-04-06 c:\windows\Tasks\fre.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:42]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cabbce3e4661dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:47]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:47]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1767777339-1801674531-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-22 16:14]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1767777339-1801674531-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-22 16:14]
.
2012-01-18 c:\windows\Tasks\RegInOut Scheduled Scan - User.job
- c:\program files\RegInOut\RegInOut.exe [2011-03-12 19:13]
.
2012-02-21 c:\windows\Tasks\SyncBack lee apparel screen print.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-04-07 17:00]
.
2012-02-21 c:\windows\Tasks\SyncBack sign source NAS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-04-07 17:00]
.
2012-02-21 c:\windows\Tasks\testrun.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\rnjg7ct2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 16:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="\??\I:\EVEREST Ultimate Edition v 3
[1].50 Working\EVEREST Ultimate Edition v 3.50 Working\EVEREST Ultimate Edition\kerneld.wnt"
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\EverestDriver]
"ImagePath"="\??\I:\EVEREST Ultimate Edition v 3
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1767777339-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-02-21 16:22:06
ComboFix-quarantined-files.txt 2012-02-21 22:21
ComboFix2.txt 2012-02-13 15:45
ComboFix3.txt 2012-02-13 15:18
ComboFix4.txt 2012-02-13 14:56
ComboFix5.txt 2012-02-21 15:59
.
Pre-Run: 226,227,789,824 bytes free
Post-Run: 226,231,201,792 bytes free
.
- - End Of File - - C5B014F983832B3643E2192DA7476AD2

#11 SweetTech (Agent ST)

Posted 22 February 2012 - 11:14 AM

Hi krustus!

Glad to hear that things appear to be working better.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Driver::
cojug
File::
c:\windows\system32\drivers\jxvwxy.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
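
An added example, not ComboFix's own logic and not something Agent ST posted, showing in Python what a helper checks in the services section of a ComboFix log before writing a Driver::/File:: entry like the one in the CFScript above. It parses the R<n>/S<n> service lines and flags a service whose image file ComboFix could not find (the "[?]" marker), a boot-start (start type 0) driver, a driver loaded from a Temp directory, and a random-looking service or file name. The sample lines are copied from the log earlier in this thread; the name heuristic is my own, and every flag is a review hint rather than a verdict (an anti-rootkit tool run from Temp and then removed leaves the same "[?]"-in-Temp trace).

```python
"""Triage helper for the R/S service section of a ComboFix log.

Added example for this thread: it is not ComboFix's code and not part of
the helper's instructions.  Every flag is a hint for a human reviewer,
not a malware verdict.
"""
import re

# Sample lines copied from the ComboFix log posted earlier in this thread,
# including the entry that the CFScript above targets (cojug / jxvwxy.sys).
SAMPLE_SERVICES = """\
R1 kl2;kl2;c:\\windows\\system32\\drivers\\kl2.sys [3/4/2011 12:23 PM 11352]
R2 Akamai;Akamai NetSession Interface;c:\\windows\\System32\\svchost.exe -k Akamai [4/14/2008 6:42 AM 14336]
S0 cojug;cojug;c:\\windows\\system32\\drivers\\jxvwxy.sys --> c:\\windows\\system32\\drivers\\jxvwxy.sys [?]
S3 MFE_RR;MFE_RR;\\??\\c:\\docume~1\\User\\LOCALS~1\\Temp\\mfe_rr.sys --> c:\\docume~1\\User\\LOCALS~1\\Temp\\mfe_rr.sys [?]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]
"""

# Line shape: <R|S><start type> <name>;<display name>;<image path>[ --> <path>] [<date size> | ? | x]
LINE_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.*?)(?: --> [^\[]*)? \[([^\]]*)\]$"
)

VOWELS = set("aeiou")


def looks_random(word: str) -> bool:
    """Heuristic for generated names such as 'jxvwxy': letters only, at least
    five long, at most one vowel in five, and a run of five or more consonants.
    Abbreviations such as 'svchost' (a four-consonant run) stay below the bar."""
    if len(word) < 5 or not word.isalpha() or not word.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in word) / len(word)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", word))
    return vowel_ratio <= 0.2 and longest_consonant_run >= 5


def parse_line(line: str):
    """Split one service line into its fields; None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    return {
        "running": state == "R",
        "start_type": int(start),
        "name": name,
        "display": display,
        "path": path,
        "file_missing": info == "?",   # ComboFix printed [?]: no date/size for the file
        "no_image_path": info == "x",  # ComboFix printed [x]: service has no binary
    }


def triage(log_text: str):
    """Return (service name, image path, [reasons]) for each entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_line(line)
        if svc is None or svc["no_image_path"]:
            continue
        reasons = []
        stem = svc["path"].rsplit("\\", 1)[-1].split(".")[0].lower()
        if svc["file_missing"]:
            reasons.append("image file not found on disk ([?])")
        if svc["start_type"] == 0:
            reasons.append("boot-start driver (loads before most defences)")
        if "\\temp\\" in svc["path"].lower():
            reasons.append("driver loaded from a Temp directory")
        if looks_random(svc["name"].lower()) or looks_random(stem):
            reasons.append("random-looking service or file name")
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_SERVICES):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run on the sample, the script reports cojug with three flags (missing file, boot-start, random name), which is exactly the entry the CFScript removes, and MFE_RR with two (missing file in Temp), which is why a human still decides what goes into the script.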


#12 krustus (Topic Starter)

Posted 24 February 2012 - 01:02 PM

Sweet Tech... I have had to give up and get a new computer. This one was messing me up at work. I really appreciate your help... sorry I couldn't hang in with you long enough to fix this.

#13 SweetTech (Agent ST)

Posted 25 February 2012 - 08:56 AM

Hi!

Not a problem! I completely understand.

Please take a read through these tips for how to prevent becoming infected in the future:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that have been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article,
    Strong passwords: How to create and use them,
    then consider a password keeper to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.



#14 SweetTech (Agent ST)

Posted 06 March 2012 - 03:52 AM

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.

