
Redirects, keyboard and mouse disabled on bootup


  • This topic is locked
38 replies to this topic

#1 sinick

sinick

  • Members
  • 31 posts

Posted 09 March 2012 - 03:43 PM

I received help from this forum a while ago with removing a rootkit from my computer. The person who helped me said I was clean after using a few tools, but I still get seemingly random browser redirects occasionally. Also, whenever I restart my computer, the keyboard and mouse are disabled during the time when I should be able to enter safe mode, but I can't because I can't use the keyboard. They are activated before and after the boot sequence where I would usually be able to enter safe mode.

Running the GMER executable makes me get a blue screen; I don't even get to the main window of the application. The computer reboots itself before I can read the blue screen text.

My computer also often shows a "Microsoft error reporting" window that will come up saying that "some unexpected errors have happened to software you recently used". It lists multiple instances of a failed update of event type "visualstudio7x8update" (when I click on the 'what data does this error report contain?' link in the 'more information' field of the details table), and the application field in the details table of the report says "NDP1.1sp1-KB2656353-X86".

I am most concerned about the redirecting, but the keyboard and mouse disable worries me as well. I might post in the XP users forum about the keyboard/mouse disable, but the redirects are something I definitely want to address first, and I did not want to create two similar forum posts.

Defogged, dds files are included.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Admin at 14:34:31 on 2012-03-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.1757 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LiteStep\litestep.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Jump Desktop\JumpService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\UltraVNC Addons\uvnc_service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\steam\steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Jump Desktop\JumpDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Documents and Settings\Admin\My Documents\Downloads\Defogger(1).exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local;192.168.*.*;*.local
uWinlogon: SHELL=c:\program files\litestep\litestep.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\documents and settings\admin\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Jump Desktop] c:\program files\jump desktop\JumpDesktop.exe autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GBB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\styler.lnk - c:\documents and settings\admin\application data\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253539500
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235253943156
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00B3A75B-9A9A-4EDE-9286-804A13E1D337} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\fyrfcmdo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://paulgraham.com/head.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: c:\documents and settings\admin\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=110112_ocl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - 505b9147000000000000001a4d64f884
FF - user.js: extensions.BabylonToolbar_i.hardId - 505b9147000000000000001a4d64f884
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15358
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:00:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - orgnl
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - na
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-9 64512]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-9 36000]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslcc8285ff;MpKslcc8285ff;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5265fde3-93c4-49a0-9069-db548f2a8da2}\MpKslcc8285ff.sys [2012-3-9 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-6 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-9 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-2 74640]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-11-19 87368]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-14 233472]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 JumpDesktop;Jump Desktop Service;c:\program files\jump desktop\JumpService.exe [2011-12-21 7680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-28 2152152]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-27 10384]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-9 2348352]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
R2 Uvnc_service;Uvnc_service;c:\program files\ultravnc addons\uvnc_service.exe [2009-11-10 63296]
R2 V2WCDRV;Video2Webcam;c:\windows\system32\drivers\V2WCDRV.sys [2011-7-6 1053056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-22 24652]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-11-10 13384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-14 36608]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-28 15232]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\admin\my documents\my downloads\vcdrom.sys --> c:\documents and settings\admin\my documents\my downloads\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.3xe" exec /i "c:\combofix\hidec.3xe" "c:\combofix\swreg.3xe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\pev.3XE [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-11-30 6016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-30 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-2-15 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-2-15 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-2-15 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2012-2-15 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-11-30 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-2-15 11008]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-23 50704]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2011-7-6 611584]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
UnknownUnknown MpKsl85ce2c90;MpKsl85ce2c90; [x]
.
=============== Created Last 30 ================
.
2012-03-09 20:23:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5265fde3-93c4-49a0-9069-db548f2a8da2}\MpKslcc8285ff.sys
2012-03-09 19:21:01 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5265fde3-93c4-49a0-9069-db548f2a8da2}\mpengine.dll
2012-03-04 07:24:21 -------- d-----w- c:\program files\iPod
2012-03-04 07:21:45 -------- d-----w- c:\program files\Bonjour
2012-02-19 00:27:57 -------- d-----w- c:\program files\NZ Software
2012-02-19 00:02:16 -------- d-----w- c:\documents and settings\admin\application data\Rainmeter
2012-02-18 19:19:26 -------- d-----w- c:\documents and settings\admin\local settings\application data\Stardock
2012-02-18 19:19:02 -------- d-----w- c:\program files\nCube
2012-02-18 19:00:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-18 07:03:15 -------- d-----w- c:\documents and settings\admin\local settings\application data\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-02-16 04:54:20 -------- d-----w- C:\SBF
2012-02-16 04:17:22 -------- d-----w- C:\USB_Driver_3.4.6_patch_ for HG
2012-02-16 04:17:22 -------- d-----w- C:\USB Driver_TI
2012-02-16 04:06:27 -------- d-----w- C:\Temp
2012-02-16 04:06:15 25856 ----a-w- c:\windows\system32\drivers\motoandroid.sys
2012-02-16 04:06:15 11008 ----a-w- c:\windows\system32\drivers\motusbdevice.sys
2012-02-16 04:06:13 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-02-16 04:06:12 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-02-16 04:06:12 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2012-02-16 04:06:12 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-02-16 04:06:11 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2012-02-15 08:48:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 08:48:20 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-13 01:48:05 -------- dc-h--w- c:\documents and settings\all users\application data\{CF75871F-D685-410F-9CA9-2F56AC74463B}
2012-02-13 01:47:00 -------- d-----w- c:\program files\common files\Tom Sawyer Software
2012-02-13 01:46:59 -------- d-----w- c:\program files\Embarcadero
2012-02-13 01:45:21 -------- d-----w- c:\documents and settings\all users\application data\Embarcadero
2012-02-13 01:45:21 -------- d-----w- c:\documents and settings\admin\application data\Embarcadero
.
==================== Find3M ====================
.
2012-03-09 19:58:14 292860 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-09 19:58:14 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-09 19:58:11 292860 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-02-19 00:52:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-18 19:00:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:10:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10:00 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10:00 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10:00 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 04:10:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 03:04:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04:21 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04:21 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04:20 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 07:08:30 6908648 -c--a-w- c:\windows\system32\SpoonUninstall.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-10 05:34:22 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-10 05:34:20 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-05 02:05:21 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-12-30 16:24:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-25 01:15:41 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-25 01:15:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-23 09:01:51 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-23 09:01:51 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-12-23 09:01:51 100880 ----a-w- c:\windows\system32\Packet.dll
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 21:00:35 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-15 21:00:35 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:35:20.34 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:54 AM

Posted 09 March 2012 - 08:35 PM

Hi,

Did you intentionally install the Babylon toolbar? If not, please go to Add/Remove Programs and uninstall it, then open Firefox > Tools > Add-ons and uninstall/disable the Babylon toolbar if you see it there.


then do the following:

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 sinick

sinick
  • Topic Starter

  • Members
  • 31 posts

Posted 09 March 2012 - 09:42 PM

I do not see the Babylon toolbar installed in the add/remove programs window or in the add-ons section of Firefox.

MiniToolBox result included.

Nothing found by TDSSKiller, and I was not prompted to reboot. Log is included.

aswMBR log included.

MBR zipped file attached.





MiniToolBox by Farbar Version: 18-01-2012
Ran by Admin (administrator) on 09-03-2012 at 19:52:55
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost









69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : nick-9897fd19a0

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : tx.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : tx.rr.com

Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-1A-4D-64-F8-84

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.147

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Friday, March 09, 2012 2:22:41 PM

Lease Expires . . . . . . . . . . : Saturday, March 10, 2012 2:22:41 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.227.9, 74.125.227.14, 74.125.227.0, 74.125.227.1
74.125.227.2, 74.125.227.3, 74.125.227.4, 74.125.227.5, 74.125.227.6
74.125.227.7, 74.125.227.8



Pinging google.com [74.125.227.4] with 32 bytes of data:



Reply from 74.125.227.4: bytes=32 time=52ms TTL=53

Reply from 74.125.227.4: bytes=32 time=15ms TTL=53



Ping statistics for 74.125.227.4:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 52ms, Average = 33ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.127.62, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=60ms TTL=48

Reply from 98.139.183.24: bytes=32 time=97ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 97ms, Average = 78ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 4d 64 f8 84 ...... Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.147 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.147 192.168.0.147 20
192.168.0.0 255.255.255.0 192.168.0.147 192.168.0.147 10
192.168.0.147 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.147 192.168.0.147 10
224.0.0.0 240.0.0.0 192.168.0.147 192.168.0.147 10
255.255.255.255 255.255.255.255 192.168.0.147 192.168.0.147 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/09/2012 03:00:24 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/08/2012 03:00:24 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/07/2012 03:00:19 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/06/2012 03:00:23 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/05/2012 03:00:23 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/04/2012 03:00:21 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service) (User: )
Description: 440: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service) (User: )
Description: 424: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service) (User: )
Description: 408: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service) (User: )
Description: 208: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (03/09/2012 07:53:02 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:01 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:01 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:01 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:52:59 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (03/09/2012 07:52:59 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (03/09/2012 03:00:24 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/08/2012 03:00:24 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/07/2012 03:00:19 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/06/2012 03:00:23 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/05/2012 03:00:23 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/04/2012 03:00:21 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatewrapdrvr.exe1.0.1701.5039kb265635310338000fffffinstallx865.1.2600.2.3.0.7680

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service)(User: )
Description: 440: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service)(User: )
Description: 424: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service)(User: )
Description: 408: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (03/04/2012 01:16:29 AM) (Source: Bonjour Service)(User: )
Description: 208: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
7-Zip 4.65
AAC Decoder (Version: 7.1.0)
Ad-Aware (Version: 9.6.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5)
AIO_Scan (Version: 82.0.203.000)
Amazon Kindle
Amnesia: The Dark Descent
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
AutoUpdate (Version: 1.1)
Avira Free Antivirus (Version: 12.0.0.898)
BioShock 2 (Version: 1.0.0002.131)
BIT.TRIP RUNNER
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 82.0.173.000)
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.3 Patch
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.7 Patch
Call of Duty® - World at War™ 1.7 Patch (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version: 1.6)
Call of Duty: Modern Warfare 3 - Multiplayer
Canon Camera Access Library (Version: 8.3.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.6.0.13)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Cave Story+
CCleaner (Version: 3.14)
CDDRV_Installer (Version: 4.60)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 120.0.214.000)
CreativeProjects (Version: 43.0.125.000)
CreativeProjectsTemplates (Version: 43.0.125.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 43.0.125.000)
Darwinia
dBpoweramp Music Converter (Version: Release 14.2)
Dead Space 2
DEFCON
Defraggler
Destination Component (Version: 090.000.091.086)
Deus Ex: Human Revolution
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Dinner Date
Director (Version: 43.0.125.000)
Disk Space Fan 1.4.4.5
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
DJ_AIO_ProductContext (Version: 82.0.203.000)
DJ_AIO_Software (Version: 82.0.203.000)
DJ_AIO_Software_min (Version: 82.0.203.000)
Dota 2
doubleTwist (Version: 3.2.0.12944)
Dropbox (Version: 1.2.52)
Dual-Core Optimizer (Version: 1.1.4.0169)
Embarcadero ERStudio Data Architect 9.1 (Version: 9.1.1)
ER/Studio Data Architect 9.1
erLT (Version: 1.20.0137)
Evernote v. 4.5.2 (Version: 4.5.2.5904)
F.lux
F4100 (Version: 82.0.203.000)
F4100_Help (Version: 82.0.203.000)
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Frozen Synapse
Gigabyte Raid Configurer (Version: 1.00.0000)
Google Chrome (Version: 17.0.963.78)
Google Gmail Notifier
H.264 Decoder (Version: 1.1.0)
Hex Color Finder
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Deskjet 6800
HP Deskjet 6800 (Version: 1.00.0000)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photo & Imaging 4.1 (Version: 4.1)
HP Software Update (Version: 3.0.1.25)
HP Update (Version: 5.002.005.003)
HPSystemDiagnostics (Version: 1.5.0.0)
HuxleyTheDystopia (Version: 1.00.0000)
InstantShare (Version: 4.0.0.40)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.5.3.3)
J2SE Development Kit 5.0 Update 9 (Version: 1.5.0.90)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Jack Claw
Jamestown
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
JCreator LE 4.00
jGRASP (Version: 1.8.3)
Jump Desktop (Version: 3.2.0)
KhalInstallWrapper (Version: 4.70.213)
LAME v3.98.3 for Audacity
LastPass (uninstall only)
Launchy 2.5
Left 4 Dead 2
LightScribe 1.4.97.1 (Version: 1.4.97.1)
Logitech SetPoint (Version: 4.70)
LOSI 0.4.5 (Version: 0.4.5)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE (Version: 3.2.217.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft IntelliPoint 6.3 (Version: 6.30.191.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MKV Splitter (Version: 1.0.1)
MotoCast (Version: 1.1.58)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.7.0129.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MPlugin_USA (Version: 1.5.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multiwinia
Music Manager
Nero BurnRights
Nero Suite
NetBeans IDE 5.0
Netflix Movie Viewer (Version: 1.2.211)
NightSky
Notepad++ (Version: 5.9.6.2)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13570)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
OpenAL
Overland (Version: 2.1.5)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.3.5.4)
PhotoGallery (Version: 43.0.125.000)
Portal 2
PrintScreen (Version: 43.0.125.000)
PunkBuster Services (Version: 0.986)
Python 2.5 comtypes-0.6.2
Python 2.5 PIL-1.1.6
Python 2.5 psyco-1.6
Python 2.5 pywin32-216
Python 2.5.2 (Version: 2.5.2150)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.0.125.000)
QuickTime (Version: 7.71.80.42)
Rainmeter (Version: 2.2 r1116)
Realtek High Definition Audio Driver (Version: 5.10.0.5282)
Recettear: An Item Shop's Tale - Demo
Recuva (remove only)
RocketDock 1.3.5
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Scan (Version: 8.1.0.0)
Segoe UI (Version: 14.0.4327.805)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Shank
SkinsHP1 (Version: 43.0.125.000)
SpaceChem
SpeedFan (remove only)
Splashtop Streamer (Version: 1.7.5.4)
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
StarCraft II (Version: 1.3.5.19132)
Status (Version: 110.0.180.000)
Steam (Version: 1.0.0.0)
Styler (Version: 1.4.0.1)
Super Meat Boy
Super Meat Boy Editor
SUPERAntiSpyware Free Edition (Version: 4.25.0.1012)
System Requirements Lab
Team Fortress 2
Terraria
The Binding Of Isaac
The Elder Scrolls V: Skyrim
TightVNC 2.0.2 (Version: 2.0.2)
Toolbox (Version: 82.0.173.000)
TRAUMA
TrayApp (Version: 110.0.180.000)
Tweak UI
UnloadSupport (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Uplink
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client (Version: 3.0.4)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VVVVVV
Webcam 1200 (Version: 1.0.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
wxPython 2.8.11.0 (ansi) for Python 2.5 (Version: 2.8.11.0-ansi)
Xftp 4 (Version: 4.0.0082)
Xmanager Enterprise 4 (Version: 4.0.0184)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3582.42 MB
Available physical RAM: 1976.88 MB
Total Pagefile: 5464.83 MB
Available Pagefile: 3858.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:279.45 GB) (Free:71.74 GB) NTFS

========================= Users: ========================================

User accounts for \\

Admin Administrator ASPNET
Guest HelpAssistant SUPPORT_388945a0
UpdatusUser

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini030912-01.dmp

**** End of log ****






19:56:02.0686 6892 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:56:03.0108 6892 ============================================================
19:56:03.0108 6892 Current date / time: 2012/03/09 19:56:03.0108
19:56:03.0108 6892 SystemInfo:
19:56:03.0108 6892
19:56:03.0108 6892 OS Version: 5.1.2600 ServicePack: 3.0
19:56:03.0108 6892 Product type: Workstation
19:56:03.0108 6892 ComputerName: NICK-9897FD19A0
19:56:03.0108 6892 UserName: Admin
19:56:03.0108 6892 Windows directory: C:\WINDOWS
19:56:03.0108 6892 System windows directory: C:\WINDOWS
19:56:03.0108 6892 Processor architecture: Intel x86
19:56:03.0108 6892 Number of processors: 2
19:56:03.0108 6892 Page size: 0x1000
19:56:03.0108 6892 Boot type: Normal boot
19:56:03.0108 6892 ============================================================
19:56:04.0827 6892 Drive \Device\Harddisk0\DR0 - Size: 0x45DD71DE00 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:56:04.0827 6892 \Device\Harddisk0\DR0:
19:56:04.0827 6892 MBR used
19:56:04.0827 6892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
19:56:04.0858 6892 Initialize success
19:56:04.0858 6892 ============================================================
19:56:24.0843 5308 ============================================================
19:56:24.0843 5308 Scan started
19:56:24.0843 5308 Mode: Manual; TDLFS;
19:56:24.0843 5308 ============================================================
19:56:27.0889 5308 IpNat - ok
19:56:27.0921 5308 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
19:56:27.0921 5308 iPodDrv - ok
19:56:27.0968 5308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:56:27.0968 5308 IPSec - ok
19:56:27.0983 5308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:56:27.0983 5308 IRENUM - ok
19:56:28.0014 5308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:56:28.0014 5308 isapnp - ok
19:56:28.0030 5308 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
19:56:28.0030 5308 JGOGO - ok
19:56:28.0030 5308 JRAID (dac317a5efd8fe13fe7ec8e2b2e1d549) C:\WINDOWS\system32\DRIVERS\jraid.sys
19:56:28.0030 5308 JRAID - ok
19:56:28.0061 5308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:56:28.0061 5308 Kbdclass - ok
19:56:28.0077 5308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:56:28.0077 5308 kbdhid - ok
19:56:28.0093 5308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:56:28.0108 5308 kmixer - ok
19:56:28.0124 5308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:56:28.0124 5308 KSecDD - ok
19:56:28.0202 5308 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:56:28.0202 5308 Lavasoft Kernexplorer - ok
19:56:28.0218 5308 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:56:28.0218 5308 Lbd - ok
19:56:28.0264 5308 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
19:56:28.0264 5308 LBeepKE - ok
19:56:28.0280 5308 lbrtfdc - ok
19:56:28.0296 5308 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
19:56:28.0296 5308 LHidFilt - ok
19:56:28.0311 5308 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:56:28.0311 5308 LMouFilt - ok
19:56:28.0374 5308 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
19:56:28.0374 5308 LUsbFilt - ok
19:56:28.0389 5308 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:56:28.0389 5308 MBAMSwissArmy - ok
19:56:28.0452 5308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:56:28.0452 5308 mnmdd - ok
19:56:28.0483 5308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:56:28.0483 5308 Modem - ok
19:56:28.0499 5308 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
19:56:28.0499 5308 motandroidusb - ok
19:56:28.0530 5308 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\WINDOWS\system32\DRIVERS\motccgp.sys
19:56:28.0530 5308 motccgp - ok
19:56:28.0546 5308 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
19:56:28.0546 5308 motccgpfl - ok
19:56:28.0577 5308 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
19:56:28.0577 5308 MotDev - ok
19:56:28.0577 5308 motmodem (69814acd50a9d6d28296050ef6215d46) C:\WINDOWS\system32\DRIVERS\motmodem.sys
19:56:28.0577 5308 motmodem - ok
19:56:28.0593 5308 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
19:56:28.0593 5308 MotoSwitchService - ok
19:56:28.0608 5308 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
19:56:28.0608 5308 Motousbnet - ok
19:56:28.0639 5308 motusbdevice (f780c53d98a0aad28f5b7403b184aea1) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
19:56:28.0639 5308 motusbdevice - ok
19:56:28.0655 5308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:56:28.0655 5308 Mouclass - ok
19:56:28.0671 5308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:56:28.0671 5308 mouhid - ok
19:56:28.0718 5308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:56:28.0718 5308 MountMgr - ok
19:56:28.0749 5308 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:56:28.0749 5308 MpFilter - ok
19:56:28.0827 5308 MpKslcc8285ff (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5265FDE3-93C4-49A0-9069-DB548F2A8DA2}\MpKslcc8285ff.sys
19:56:28.0827 5308 MpKslcc8285ff - ok
19:56:28.0905 5308 mraid35x - ok
19:56:28.0921 5308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:56:28.0921 5308 MRxDAV - ok
19:56:28.0952 5308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:56:28.0968 5308 MRxSmb - ok
19:56:28.0999 5308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:56:28.0999 5308 Msfs - ok
19:56:29.0014 5308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:56:29.0014 5308 MSKSSRV - ok
19:56:29.0030 5308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:56:29.0030 5308 MSPCLOCK - ok
19:56:29.0061 5308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:56:29.0061 5308 MSPQM - ok
19:56:29.0093 5308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:56:29.0093 5308 mssmbios - ok
19:56:29.0108 5308 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:56:29.0108 5308 MSTEE - ok
19:56:29.0139 5308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:56:29.0139 5308 Mup - ok
19:56:29.0155 5308 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:56:29.0171 5308 NABTSFEC - ok
19:56:29.0186 5308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:56:29.0186 5308 NDIS - ok
19:56:29.0202 5308 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:56:29.0202 5308 NdisIP - ok
19:56:29.0249 5308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:56:29.0249 5308 NdisTapi - ok
19:56:29.0264 5308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:56:29.0264 5308 Ndisuio - ok
19:56:29.0280 5308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:56:29.0280 5308 NdisWan - ok
19:56:29.0311 5308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:56:29.0311 5308 NDProxy - ok
19:56:29.0327 5308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:56:29.0327 5308 NetBIOS - ok
19:56:29.0343 5308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:56:29.0343 5308 NetBT - ok
19:56:29.0374 5308 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
19:56:29.0374 5308 NPF - ok
19:56:29.0452 5308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:56:29.0452 5308 Npfs - ok
19:56:29.0483 5308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:56:29.0499 5308 Ntfs - ok
19:56:29.0530 5308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:56:29.0546 5308 Null - ok
19:56:29.0874 5308 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:56:30.0124 5308 nv - ok
19:56:30.0249 5308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:56:30.0249 5308 NwlnkFlt - ok
19:56:30.0280 5308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:56:30.0280 5308 NwlnkFwd - ok
19:56:30.0327 5308 PAC207 (509039b85c95e6e85cb7a8e3465fb702) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
19:56:30.0343 5308 PAC207 - ok
19:56:30.0358 5308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:56:30.0358 5308 Parport - ok
19:56:30.0374 5308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:56:30.0374 5308 PartMgr - ok
19:56:30.0405 5308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:56:30.0405 5308 ParVdm - ok
19:56:30.0405 5308 pccsmcfd - ok
19:56:30.0421 5308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:56:30.0421 5308 PCI - ok
19:56:30.0436 5308 PCIDump - ok
19:56:30.0452 5308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:56:30.0452 5308 PCIIde - ok
19:56:30.0468 5308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:56:30.0468 5308 Pcmcia - ok
19:56:30.0468 5308 PDCOMP - ok
19:56:30.0483 5308 PDFRAME - ok
19:56:30.0483 5308 PDRELI - ok
19:56:30.0499 5308 PDRFRAME - ok
19:56:30.0499 5308 perc2 - ok
19:56:30.0514 5308 perc2hib - ok
19:56:30.0546 5308 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys
19:56:30.0546 5308 Point32 - ok
19:56:30.0561 5308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:56:30.0561 5308 PptpMiniport - ok
19:56:30.0577 5308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:56:30.0577 5308 PSched - ok
19:56:30.0593 5308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:56:30.0593 5308 Ptilink - ok
19:56:30.0608 5308 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:56:30.0608 5308 PxHelp20 - ok
19:56:30.0608 5308 ql1080 - ok
19:56:30.0624 5308 Ql10wnt - ok
19:56:30.0624 5308 ql12160 - ok
19:56:30.0639 5308 ql1240 - ok
19:56:30.0639 5308 ql1280 - ok
19:56:30.0655 5308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:56:30.0655 5308 RasAcd - ok
19:56:30.0671 5308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:56:30.0671 5308 Rasl2tp - ok
19:56:30.0686 5308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:56:30.0686 5308 RasPppoe - ok
19:56:30.0686 5308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:56:30.0686 5308 Raspti - ok
19:56:30.0702 5308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:56:30.0718 5308 Rdbss - ok
19:56:30.0718 5308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:56:30.0718 5308 RDPCDD - ok
19:56:30.0749 5308 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:56:30.0749 5308 RDPWD - ok
19:56:30.0764 5308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:56:30.0764 5308 redbook - ok
19:56:30.0796 5308 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
19:56:30.0796 5308 RsFx0103 - ok
19:56:30.0858 5308 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:56:30.0874 5308 SASDIFSV - ok
19:56:30.0905 5308 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
19:56:30.0905 5308 SASENUM - ok
19:56:30.0905 5308 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
19:56:30.0921 5308 SASKUTIL - ok
19:56:31.0046 5308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:56:31.0046 5308 Secdrv - ok
19:56:31.0061 5308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:56:31.0077 5308 serenum - ok
19:56:31.0093 5308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:56:31.0093 5308 Serial - ok
19:56:31.0124 5308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:56:31.0124 5308 Sfloppy - ok
19:56:31.0139 5308 Simbad - ok
19:56:31.0155 5308 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:56:31.0155 5308 SLIP - ok
19:56:31.0171 5308 Sparrow - ok
19:56:31.0186 5308 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
19:56:31.0264 5308 speedfan - ok
19:56:31.0280 5308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:56:31.0280 5308 splitter - ok
19:56:31.0311 5308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:56:31.0311 5308 sr - ok
19:56:31.0343 5308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:56:31.0358 5308 Srv - ok
19:56:31.0374 5308 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:56:31.0374 5308 sscdbus - ok
19:56:31.0405 5308 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:56:31.0405 5308 sscdmdfl - ok
19:56:31.0514 5308 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:56:31.0514 5308 sscdmdm - ok
19:56:31.0546 5308 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:56:31.0546 5308 ssmdrv - ok
19:56:31.0593 5308 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:56:31.0593 5308 streamip - ok
19:56:31.0608 5308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:56:31.0608 5308 swenum - ok
19:56:31.0624 5308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:56:31.0624 5308 swmidi - ok
19:56:31.0624 5308 symc810 - ok
19:56:31.0639 5308 symc8xx - ok
19:56:31.0639 5308 sym_hi - ok
19:56:31.0655 5308 sym_u3 - ok
19:56:31.0671 5308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:56:31.0671 5308 sysaudio - ok
19:56:31.0702 5308 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
19:56:31.0702 5308 tapvpn - ok
19:56:31.0733 5308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:56:31.0733 5308 Tcpip - ok
19:56:31.0749 5308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:56:31.0749 5308 TDPIPE - ok
19:56:31.0780 5308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:56:31.0780 5308 TDTCP - ok
19:56:31.0796 5308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:56:31.0796 5308 TermDD - ok
19:56:31.0811 5308 TosIde - ok
19:56:31.0827 5308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:56:31.0827 5308 Udfs - ok
19:56:31.0843 5308 ultra - ok
19:56:31.0858 5308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:56:31.0858 5308 Update - ok
19:56:31.0874 5308 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:56:31.0874 5308 USBAAPL - ok
19:56:31.0905 5308 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:56:31.0905 5308 usbaudio - ok
19:56:31.0921 5308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:56:31.0921 5308 usbccgp - ok
19:56:31.0952 5308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:56:31.0952 5308 usbehci - ok
19:56:31.0983 5308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:56:31.0983 5308 usbhub - ok
19:56:32.0014 5308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:56:32.0014 5308 usbprint - ok
19:56:32.0030 5308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:56:32.0030 5308 usbscan - ok
19:56:32.0155 5308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:56:32.0155 5308 USBSTOR - ok
19:56:32.0186 5308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:56:32.0186 5308 usbuhci - ok
19:56:32.0249 5308 V2WCDRV (9519d5ec6da0a9e38acc82b466596f2c) C:\WINDOWS\system32\DRIVERS\V2WCDRV.sys
19:56:32.0280 5308 V2WCDRV - ok
19:56:32.0358 5308 vcdrom - ok
19:56:32.0389 5308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:56:32.0389 5308 VgaSave - ok
19:56:32.0389 5308 ViaIde - ok
19:56:32.0421 5308 vnccom (f6a0cc36f4cbda21b220ff2fb2195a36) C:\WINDOWS\system32\Drivers\vnccom.SYS
19:56:32.0421 5308 vnccom - ok
19:56:32.0436 5308 vncdrv (6a3835b5925a3ebb3c357446fe867824) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
19:56:32.0436 5308 vncdrv - ok
19:56:32.0452 5308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:56:32.0452 5308 VolSnap - ok
19:56:32.0483 5308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:56:32.0483 5308 Wanarp - ok
19:56:32.0514 5308 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:56:32.0530 5308 Wdf01000 - ok
19:56:32.0546 5308 WDICA - ok
19:56:32.0561 5308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:56:32.0561 5308 wdmaud - ok
19:56:32.0608 5308 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:56:32.0608 5308 WpdUsb - ok
19:56:32.0639 5308 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:56:32.0639 5308 WS2IFSL - ok
19:56:32.0671 5308 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:56:32.0671 5308 WSTCODEC - ok
19:56:32.0686 5308 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:56:32.0686 5308 WudfPf - ok
19:56:32.0702 5308 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:56:32.0702 5308 WudfRd - ok
19:56:32.0718 5308 XDva248 - ok
19:56:32.0749 5308 yukonwxp (5ee248f1c25579fe3561f7293cdcdc8e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:56:32.0749 5308 yukonwxp - ok
19:56:32.0764 5308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:56:32.0874 5308 \Device\Harddisk0\DR0 - ok
19:56:32.0874 5308 Boot (0x1200) (a10a7d16f2dd8a9035caac513f77b5a6) \Device\Harddisk0\DR0\Partition0
19:56:32.0874 5308 \Device\Harddisk0\DR0\Partition0 - ok
19:56:32.0874 5308 ============================================================
19:56:32.0874 5308 Scan finished
19:56:32.0874 5308 ============================================================
19:56:32.0889 5364 Detected object count: 0
19:56:32.0889 5364 Actual detected object count: 0

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 19:59:05
-----------------------------
19:59:05.186 OS Version: Windows 5.1.2600 Service Pack 3
19:59:05.186 Number of processors: 2 586 0xF06
19:59:05.186 ComputerName: NICK-9897FD19A0 UserName: Admin
19:59:05.905 Initialize success
19:59:49.936 AVAST engine defs: 12030900
20:00:05.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-12
20:00:05.889 Disk 0 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286167MB BusType: 3
20:00:05.889 Disk 0 MBR read successfully
20:00:05.905 Disk 0 MBR scan
20:00:05.905 Disk 0 Windows XP default MBR code
20:00:05.905 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286157 MB offset 63
20:00:05.921 Disk 0 scanning sectors +586051200
20:00:05.968 Disk 0 scanning C:\WINDOWS\system32\drivers
20:00:22.061 Service scanning
20:00:33.186 Service MpKslcc8285ff c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5265FDE3-93C4-49A0-9069-DB548F2A8DA2}\MpKslcc8285ff.sys **LOCKED** 32
20:00:58.389 Modules scanning
20:01:11.186 Disk 0 trace - called modules:
20:01:11.202 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:01:11.202 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2f3ab8]
20:01:11.202 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b34f238]
20:01:11.202 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-12[0x8b2cbb00]
20:01:11.827 AVAST engine scan C:\WINDOWS
20:01:24.186 AVAST engine scan C:\WINDOWS\system32
20:07:01.343 AVAST engine scan C:\WINDOWS\system32\drivers
20:07:23.749 AVAST engine scan C:\Documents and Settings\Admin
20:26:50.733 AVAST engine scan C:\Documents and Settings\All Users
20:36:39.874 Scan finished successfully
20:38:30.624 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
20:38:30.671 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   499bytes   0 downloads


#4 CatByte

Posted 09 March 2012 - 09:47 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 sinick

Posted 09 March 2012 - 10:45 PM

Combofix ran all the way to the part where it says "Almost done..." and tells me where the log will be located, and then I got a flash of a blue screen with text and my computer restarted. The Windows message "The system has recovered from a serious error, would you like to send a report" was displayed, and I can tell you what the "technical details" of that window are if you want, I snapped a picture of it.

Since there's no log, I should say that in the first stages of combofix running, it showed a popup window that said: "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularily difficult infection." Then it says to re-run it if I can't connect to the internet afterwards.

I looked where there should be a log (C:\) but there isn't any there.

#6 CatByte

Posted 09 March 2012 - 11:05 PM

Please re-run comboFix and see if it will produce a log this time

if it crashes again, please try running it in safe mode:

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


#7 sinick

Posted 09 March 2012 - 11:51 PM

I re-ran combofix and waited, but had to leave my computer temporarily to take care of something. When I came back, it was in the process of rebooting, and when it booted there was still no log file found in C:/, where combofix says it should be, and the microsoft "serious error" message still displays, so I guess it blue screened again.

I can't enter safe mode as my computer starts to boot up, because my keyboard and mouse are disabled until I am prompted for my login information at my xp login screen. I know my keyboard and mouse are disabled during boot because they do not respond to any button presses while booting, including F8, and they both have lights on them that both turn off during the boot sequence on my computer.

#8 CatByte

Posted 09 March 2012 - 11:53 PM

Please run the following;


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Edited by CatByte, 09 March 2012 - 11:54 PM.


#9 sinick

Posted 10 March 2012 - 12:17 AM

OTL logfile created on: 3/9/2012 11:05:01 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 64.44% Memory free
5.34 Gb Paging File | 4.33 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 71.91 Gb Free Space | 25.73% Space Free | Partition Type: NTFS

Computer Name: NICK-9897FD19A0 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 23:03:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL(1).exe
PRC - [2012/02/21 17:27:42 | 013,320,704 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/02/14 17:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/02/09 22:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 12:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/02/09 12:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012/02/09 12:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2012/01/08 07:32:56 | 000,105,160 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2011/12/21 14:50:10 | 000,424,008 | ---- | M] (Phase Five Systems) -- C:\Program Files\Jump Desktop\JumpDesktop.exe
PRC - [2011/12/21 14:44:46 | 000,007,680 | ---- | M] (Phase Five Systems) -- C:\Program Files\Jump Desktop\JumpService.exe
PRC - [2011/12/15 15:00:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/15 15:00:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/12/02 11:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/11/19 13:45:50 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/23 13:05:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/02 15:34:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010/04/03 13:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/11/07 15:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 15:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/06/04 22:29:24 | 000,063,296 | ---- | M] () -- C:\Program Files\UltraVNC Addons\uvnc_service.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/03 09:48:46 | 000,307,200 | ---- | M] (ta2027) -- C:\Program Files\Styler\Styler.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/23 18:00:53 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/02/23 18:00:49 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/02/23 18:00:47 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2012/02/23 18:00:45 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/02/23 18:00:43 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/02/21 17:17:56 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/02/21 17:17:44 | 000,346,624 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/02/21 17:17:04 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/02/21 17:17:00 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/02/15 03:15:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 03:15:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/15 03:15:43 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 03:15:37 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
MOD - [2012/02/15 03:15:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 03:13:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 03:13:51 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:13:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 03:12:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/09 23:33:23 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2012/01/08 07:32:56 | 000,567,496 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2012/01/08 07:32:56 | 000,105,160 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2012/01/08 07:30:18 | 000,143,360 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2012/01/01 13:59:04 | 000,254,464 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\NowPlaying.dll
MOD - [2011/12/21 14:50:12 | 002,113,608 | ---- | M] () -- C:\Program Files\Jump Desktop\JumpNetwork.dll
MOD - [2011/12/15 15:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/12/06 15:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/11/19 13:46:42 | 000,465,632 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2011/11/19 13:45:24 | 000,034,128 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2011/11/19 13:45:12 | 000,045,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2011/11/19 13:44:54 | 000,128,336 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2011/11/19 13:44:28 | 000,023,872 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2011/10/28 19:35:28 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/10/28 19:35:28 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/28 19:35:26 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/10/18 02:12:12 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/18 02:09:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 19:45:26 | 000,026,112 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\InputText.dll
MOD - [2010/04/03 13:06:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2010/04/03 13:06:08 | 000,024,064 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2010/04/03 13:06:02 | 000,094,208 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2010/04/03 13:05:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2010/04/03 13:05:46 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2010/04/03 13:05:32 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\verby.dll
MOD - [2010/04/03 13:05:22 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\controly.dll
MOD - [2009/12/17 00:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 22:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2009/12/16 21:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2009/12/16 21:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/06/04 22:29:24 | 000,063,296 | ---- | M] () -- C:\Program Files\UltraVNC Addons\uvnc_service.exe
MOD - [2005/05/01 11:10:10 | 000,159,744 | ---- | M] () -- C:\Program Files\Styler\UNRAR\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/09 22:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 12:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/12/21 14:44:46 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto | Running] -- C:\Program Files\Jump Desktop\JumpService.exe -- (JumpDesktop)
SRV - [2011/12/15 15:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/15 15:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/06 15:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/19 13:45:50 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/23 13:05:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009/03/09 15:39:00 | 002,793,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/11/07 15:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/04 22:29:24 | 000,063,296 | ---- | M] () [Auto | Running] -- C:\Program Files\UltraVNC Addons\uvnc_service.exe -- (Uvnc_service)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/01 09:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 09:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva248)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (pccsmcfd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/02/15 23:40:12 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/12/30 10:24:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/15 15:00:35 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 15:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/11/08 12:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/23 13:05:31 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/23 13:05:31 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/27 12:48:16 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/17 08:31:56 | 001,053,056 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\V2WCDRV.sys -- (V2WCDRV)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/24 05:23:12 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/20 16:27:28 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/19 08:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/09/26 08:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 08:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/29 15:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/22 21:46:48 | 000,013,384 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2007/05/22 21:46:44 | 000,012,104 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/24 02:15:04 | 004,353,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/20 07:39:24 | 000,041,728 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/07/12 08:56:00 | 000,248,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/07 05:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\..\SearchScopes\{C78FC014-2368-47E1-853A-EB2839F693D0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CLM&o=15431&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=LC&apn_dtid=YYYYYYYYUS&apn_uid=bb94fa31-e12b-4b97-a263-22aa38b9e109&apn_sauid=76DDFD11-6191-4438-ADE1-F46F098272EE
IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;192.168.*.*;*.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://paulgraham.com/head.html"
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/03/09 00:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/11/12 17:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/03/09 00:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions
[2012/02/28 21:52:11 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/03 16:30:07 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/16 21:32:58 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}
[2012/01/31 00:39:23 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\info@priceblink.com
[2012/03/09 00:04:22 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\extensions\support@lastpass.com
[2011/07/06 18:16:16 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyrfcmdo.default\searchplugins\askcom.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FYRFCMDO.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Google Science Fair 2012 = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\1.1_0\
CHR - Extension: Google Science Fair 2012 = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\1.1_1\
CHR - Extension: Gradient = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ipehkhefmnpkdbcpgbononhiohcabocp\1.0_0\
CHR - Extension: Poppit = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Grass = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Transparent = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oegogboflfgdoajlmhilbamjblflfibj\1.0_0\
CHR - Extension: Late Night = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2012/03/09 21:25:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004..\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O4 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004..\Run: [MusicManager] C:\Documents and Settings\Admin\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1177238915-839522115-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235253539500 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235253943156 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B3A75B-9A9A-4EDE-9286-804A13E1D337}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/21 15:15:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 23:03:16 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL(1).exe
[2012/03/09 22:16:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/09 21:01:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/09 21:01:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/09 21:01:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/09 21:01:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/09 21:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/09 21:00:36 | 004,432,147 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/03/09 19:58:57 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/03/09 14:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\itunesExport
[2012/03/05 11:24:50 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2012/03/04 02:28:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012/03/04 01:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/04 01:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/04 01:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/03/04 01:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/02/22 21:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\MotorolaMediaLink
[2012/02/19 20:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\black android (xp)
[2012/02/18 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\area o4.2
[2012/02/18 18:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\iconpackICS
[2012/02/18 18:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\NZ Software
[2012/02/18 18:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NZ Software
[2012/02/18 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\ICONS
[2012/02/18 18:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Rainmeter
[2012/02/18 18:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rainmeter
[2012/02/18 13:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Stardock
[2012/02/18 13:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\nCube
[2012/02/18 01:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{FFFA2FB9-4857-4475-8379-F36343DA5801}
[2012/02/15 22:54:20 | 000,000,000 | ---D | C] -- C:\SBF
[2012/02/15 22:17:22 | 000,000,000 | ---D | C] -- C:\USB_Driver_3.4.6_patch_ for HG
[2012/02/15 22:17:22 | 000,000,000 | ---D | C] -- C:\USB Driver_TI
[2012/02/15 22:06:27 | 000,000,000 | ---D | C] -- C:\Temp
[2012/02/15 22:06:15 | 000,025,856 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motoandroid.sys
[2012/02/15 22:06:15 | 000,011,008 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motusbdevice.sys
[2012/02/15 22:06:13 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2012/02/15 22:06:12 | 000,020,480 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2012/02/15 22:06:12 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2012/02/15 22:06:12 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2012/02/15 22:06:11 | 000,042,752 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motodrv.sys
[2012/02/12 19:48:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CF75871F-D685-410F-9CA9-2F56AC74463B}
[2012/02/12 19:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tom Sawyer Software
[2012/02/12 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\ERStudio Data Architect 9.1
[2012/02/12 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Embarcadero ERStudio Data Architect 9.1
[2012/02/12 19:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Embarcadero
[2012/02/12 19:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Embarcadero
[2012/02/12 19:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Embarcadero

========== Files - Modified Within 30 Days ==========

[2012/03/09 23:03:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL(1).exe
[2012/03/09 23:02:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/09 23:02:01 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/03/09 23:01:34 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Styler.lnk
[2012/03/09 22:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/09 22:55:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/09 22:55:26 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/03/09 22:55:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/09 21:25:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/09 20:59:53 | 004,432,147 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/03/09 20:41:03 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.zip
[2012/03/09 20:39:03 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.7z
[2012/03/09 20:38:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/03/09 19:58:56 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/03/09 19:55:46 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2012/03/09 19:52:12 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MiniToolBox.exe
[2012/03/09 18:34:55 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\movies.URL
[2012/03/09 14:22:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/09 13:58:14 | 000,292,860 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/09 13:58:14 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/09 13:58:11 | 000,292,860 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/05 21:24:38 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\PUTTY.RND
[2012/03/04 01:25:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/02 12:35:16 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/28 20:33:40 | 001,011,678 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\SPRING2012sched.bmp
[2012/02/23 19:59:16 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/23 19:59:16 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
[2012/02/23 00:21:15 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Home - Android Market.URL
[2012/02/22 23:56:43 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Admin\webct_upload_applet.properties
[2012/02/22 21:41:03 | 000,636,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/22 21:41:03 | 000,135,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 21:34:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/22 21:34:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/22 21:34:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/18 21:33:18 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\g.URL
[2012/02/18 19:52:19 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\P.URL
[2012/02/18 18:27:57 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hex Color Finder.lnk
[2012/02/18 18:02:10 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/02/18 18:02:10 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rainmeter.lnk
[2012/02/18 01:03:33 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012/02/15 23:40:12 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/02/12 19:47:51 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ERStudio Data Architect 9.1.lnk
[2012/02/09 22:10:00 | 002,783,770 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/09 22:10:00 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/02/09 22:10:00 | 000,007,843 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb

========== Files Created - No Company Name ==========

[2012/03/09 21:01:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/09 21:01:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/09 21:01:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/09 21:01:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/09 21:01:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/09 20:41:03 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.zip
[2012/03/09 20:39:03 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.7z
[2012/03/09 20:38:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/03/09 19:52:19 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MiniToolBox.exe
[2012/03/09 18:34:55 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\movies.URL
[2012/03/09 13:57:24 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/03/04 01:25:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/28 20:33:40 | 001,011,678 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\SPRING2012sched.bmp
[2012/02/23 00:21:15 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Home - Android Market.URL
[2012/02/22 21:34:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/02/22 21:34:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/02/22 21:34:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/02/18 21:33:18 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\g.URL
[2012/02/18 20:13:23 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\iTunes.lnk
[2012/02/18 19:52:19 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\P.URL
[2012/02/18 18:27:57 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hex Color Finder.lnk
[2012/02/18 18:02:10 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/02/18 18:02:10 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rainmeter.lnk
[2012/02/18 01:03:33 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012/02/15 02:48:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 02:48:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/12 19:47:50 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ERStudio Data Architect 9.1.lnk
[2012/01/31 03:25:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 03:25:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/19 01:09:03 | 000,017,680 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/01/10 04:02:30 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/13 18:56:15 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/05 23:11:06 | 000,213,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/18 21:23:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/07/06 17:47:24 | 001,053,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\V2WCDRV.sys
[2011/04/23 16:25:49 | 000,292,860 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/23 16:25:49 | 000,292,860 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/23 16:25:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/14 10:08:31 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\D2Info0
[2011/04/14 10:08:31 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\DofusAppId0_2
[2011/04/12 23:38:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/12/18 13:59:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/12/01 12:40:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\PUTTY.RND
[2010/09/10 13:41:35 | 000,414,238 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1177238915-839522115-1004-0.dat
[2010/09/10 13:41:31 | 000,191,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/03/21 19:52:28 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI

========== LOP Check ==========

[2011/09/16 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.minecraft
[2009/02/22 18:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\acccore
[2009/03/30 17:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Acclaim
[2011/08/07 06:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AtomZombieData
[2009/10/18 16:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
[2010/04/26 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AveDesk
[2012/01/09 10:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2010/05/23 17:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bioshock2
[2010/12/24 22:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Braid
[2011/07/26 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Broken Rules
[2011/11/09 22:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Chocolate Castle
[2010/02/08 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.dmerino.tumblweed.4DE7482C14055EAD00E76B98C6C45679E421790B.1
[2009/12/20 14:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2011/07/26 15:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Crayon Physics Deluxe
[2009/03/28 07:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Darkfall
[2011/07/12 19:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DiskSpaceFan
[2011/04/14 10:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus 2
[2009/12/23 14:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/01/05 20:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/23 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/05/04 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DragonicaSCB
[2012/03/09 23:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
[2009/04/12 19:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Electronic Arts
[2012/02/12 19:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Embarcadero
[2011/12/19 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Fallon.957283BD7AE99C519B762F3E2F85073ED97331F2.1
[2009/04/02 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FOG Downloader
[2010/01/27 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GameRanger
[2009/06/28 19:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
[2011/11/16 23:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hackety Hack
[2011/06/20 20:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hi-Rez Studios
[2009/08/05 17:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ijjigame
[2009/03/13 08:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\iLike
[2011/11/09 22:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Jasper's Journeys
[2011/04/23 16:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Juniper Networks
[2009/04/02 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Larva Mortus Demo
[2010/12/18 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Launchy
[2011/07/26 16:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lazy 8 Studios
[2009/08/22 00:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2009/09/15 13:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Miranda
[2012/01/07 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MotoCast
[2011/12/05 17:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Motorola
[2009/02/27 07:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MSNInstaller
[2010/09/09 22:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Need for Speed World
[2011/10/22 18:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NetSarang
[2011/12/14 23:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nicalis
[2012/03/05 16:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2009/02/27 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OfficeUpdate12
[2012/02/02 15:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenCandy
[2009/10/14 21:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2012/01/05 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Phase Five Systems
[2010/12/21 19:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Polynomial
[2010/02/08 04:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Posty.CEC2C221E000B2446946E14B8F3CF3D0C0AFD73E.1
[2012/02/18 18:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Rainmeter
[2009/12/23 14:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/09 17:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\RIFT
[2009/11/12 16:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\runic games
[2009/10/14 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2009/02/22 16:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SharePod
[2009/06/29 16:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Styler
[2012/03/09 13:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
[2009/06/15 21:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\The Longest Journey Demo
[2010/04/11 14:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
[2009/09/29 10:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Trillian
[2011/07/09 17:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TS3Client
[2010/03/10 13:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ubisoft
[2011/07/06 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Video2Webcam
[2011/11/02 00:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Voxatron
[2011/11/09 22:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zen Puzzle Garden
[2009/03/07 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2012/01/08 20:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/11 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/20 15:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/17 23:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/03/20 15:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/12 19:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Embarcadero
[2011/05/22 22:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2009/08/11 21:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/02/14 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/01/11 04:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/30 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/10/22 18:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetSarang
[2011/06/18 19:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/13 18:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/05/17 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2012/01/14 20:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Splashtop
[2010/03/09 23:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/07/06 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Video2Webcam
[2009/06/22 01:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/01/09 23:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS
[2012/02/02 15:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/03/14 19:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/05 06:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 23:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/12 19:48:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CF75871F-D685-410F-9CA9-2F56AC74463B}
[2009/03/06 14:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2012/01/05 21:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2012/03/09 22:55:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/09/20 22:51:05 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1177238915-839522115-1004Core.job
[2012/03/09 23:02:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/09 23:02:01 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2012/03/09 22:55:32 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >


========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD3000GLFS-01F8U0
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 279.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

< End of report >

OTL Extras logfile created on: 3/9/2012 11:05:01 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 64.44% Memory free
5.34 Gb Paging File | 4.33 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 71.91 Gb Free Space | 25.73% Space Free | Partition Type: NTFS

Computer Name: NICK-9897FD19A0 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UPDATESDISABLENOTIFY" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58656:TCP" = 58656:TCP:*:Enabled:Pando Media Booster
"58656:UDP" = 58656:UDP:*:Enabled:Pando Media Booster
"58133:TCP" = 58133:TCP:*:Enabled:Pando Media Booster
"58133:UDP" = 58133:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58656:TCP" = 58656:TCP:*:Enabled:Pando Media Booster
"58656:UDP" = 58656:UDP:*:Enabled:Pando Media Booster
"58133:TCP" = 58133:TCP:*:Enabled:Pando Media Booster
"58133:UDP" = 58133:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Steam\steamapps\narconick\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Enabled:Fallout3
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\PandoraFox\App\Firefox\firefox.exe" = C:\PandoraFox\App\Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Darkfall\Lobby.exe" = C:\Program Files\Darkfall\Lobby.exe:*:Enabled:Lobby
"C:\Documents and Settings\Admin\My Documents\My Downloads\RoM_Downloader.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\RoM_Downloader.exe:*:Enabled:FOG Downloader
"C:\Program Files\alaplaya\S4League\S4Client.exe" = C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe
"C:\Program Files\Taikodom\taikodom-game.exe" = C:\Program Files\Taikodom\taikodom-game.exe:*:Enabled:taikodom-game
"C:\Rohan_Global\rohanclient.exe" = C:\Rohan_Global\rohanclient.exe:*:Enabled:Rohan Online Game
"C:\Documents and Settings\Admin\My Documents\My Downloads\SRO_L4_Full_Client_Downloader.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\SRO_L4_Full_Client_Downloader.exe:*:Enabled:Full-Client Downloader
"C:\Program Files\ProxyWay\proxyway.exe" = C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:ProxyWay
"C:\Documents and Settings\Admin\My Documents\My Downloads\YuLeech-RunesofMagic2_0_1_1821-en.exe" = C:\Documents and Settings\Admin\My Documents\My Downloads\YuLeech-RunesofMagic2_0_1_1821-en.exe:*:Enabled:FOG Downloader
"C:\Program Files\Wakfu\Wakfu.exe" = C:\Program Files\Wakfu\Wakfu.exe:*:Enabled:Wakfu Client
"C:\Program Files\Proxifier\Proxifier.exe" = C:\Program Files\Proxifier\Proxifier.exe:*:Enabled:Proxifier 2.7
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Admin\My Documents\eclipse\eclipse.exe" = C:\Documents and Settings\Admin\My Documents\eclipse\eclipse.exe:*:Enabled:eclipse
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Steam\steamapps\narconick\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\narconick\source sdk base\hl2.exe:*:Enabled:hl2
"C:\Program Files\TimeGate Studios\Section 8 Beta Test\Binaries\S8Game-F.exe" = C:\Program Files\TimeGate Studios\Section 8 Beta Test\Binaries\S8Game-F.exe:*:Enabled:Section 8
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM
"C:\PandoraFox\firefox.exe" = C:\PandoraFox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Admin\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Admin\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger
"C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:Bioshock 2 Multiplayer
"C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2
"C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe" = C:\Program Files\Steam\steamapps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe:*:Enabled:BioShock 2
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead
"C:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe" = C:\Program Files\Steam\steamapps\common\psychonauts\PsychoLauncher.exe:*:Enabled:Psychonauts
"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight
"C:\Program Files\Steam\steamapps\common\torchlight\TorchED\Editor.exe" = C:\Program Files\Steam\steamapps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe" = C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPGame.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\Documents and Settings\Admin\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Admin\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client
"C:\Program Files\Steam\steamapps\common\resident evil 5\RE5DX9.EXE" = C:\Program Files\Steam\steamapps\common\resident evil 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5
"C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo
"C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\Steam\steamapps\common\batman arkham asylum goty\Binaries\ShippingPC-BmGame.exe:*:Enabled:BmGame
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Hi-Rez Studios\games\global agenda live\Binaries\GlobalAgenda.exe" = C:\Program Files\Hi-Rez Studios\games\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client
"F:\eclipse\eclipse.exe" = F:\eclipse\eclipse.exe:*:Enabled:eclipse
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\steamapps\common\dead space 2\deadspace2.exe" = C:\Program Files\Steam\steamapps\common\dead space 2\deadspace2.exe:*:Enabled:Dead Space 2 -- (Electronic Arts Inc.)
"C:\Program Files\Steam\steamapps\common\dead space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\dead space 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space 2 -- ()
"C:\Program Files\Steam\steamapps\common\amnesia the dark descent\Launcher.exe" = C:\Program Files\Steam\steamapps\common\amnesia the dark descent\Launcher.exe:*:Enabled:Amnesia: The Dark Descent -- ()
"C:\Program Files\Steam\steamapps\common\recettear\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale -- (Easygamestation, Carpe Fulgur LLC)
"C:\Program Files\Steam\steamapps\common\recettear\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear\custom.exe:*:Enabled:Recettear: An Item Shop's Tale -- ()
"F:\Xmanager.exe" = F:\Xmanager.exe:*:Enabled:Xmanager - PC X Server Program
"F:\Xsound.exe" = F:\Xsound.exe:*:Enabled:Xsound - Xsound for Xmanager
"F:\Xftp.exe" = F:\Xftp.exe:*:Enabled:Xftp - Secure File Transfer Software
"C:\Program Files\Steam\steamapps\common\the binding of isaac\Binding_of_Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Binding_of_Isaac.exe:*:Enabled:The Binding Of Isaac -- (Edmund Mcmillen & Florian Himsl )
"C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe" = C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe:*:Enabled:Uplink -- ()
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"C:\Program Files\Steam\steamapps\common\darwinia\darwinia.exe" = C:\Program Files\Steam\steamapps\common\darwinia\darwinia.exe:*:Enabled:Darwinia -- (Introversion Software)
"C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe" = C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe:*:Enabled:MotoCast -- (Motorola Mobility Inc.)
"C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe" = C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe:*:Enabled:MotoCast-thumbnailer -- ()
"C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Steam\steamapps\common\spacechem\SpaceChem.exe" = C:\Program Files\Steam\steamapps\common\spacechem\SpaceChem.exe:*:Enabled:SpaceChem -- (Zachtronics Industries)
"C:\Program Files\Motorola Media Link\Lite\MML.exe" = C:\Program Files\Motorola Media Link\Lite\MML.exe:*:Enabled:MML -- (Nero AG)
"C:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe" = C:\Program Files\Steam\steamapps\common\super meat boy\SuperMeatBoy.exe:*:Enabled:Super Meat Boy Editor -- ()
"C:\Program Files\Steam\steamapps\common\nightsky\NightSky.exe" = C:\Program Files\Steam\steamapps\common\nightsky\NightSky.exe:*:Enabled:NightSky -- ( )
"C:\Program Files\Steam\steamapps\common\shank\bin\Shank.exe" = C:\Program Files\Steam\steamapps\common\shank\bin\Shank.exe:*:Enabled:Shank -- (Klei Entertainment Inc.)
"C:\Program Files\Steam\steamapps\common\bit.trip runner\runner.exe" = C:\Program Files\Steam\steamapps\common\bit.trip runner\runner.exe:*:Enabled:BIT.TRIP RUNNER -- ()
"C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe:*:Enabled:The Binding Of Isaac -- (Edmund Mcmillen & Florian Himsl )
"C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()
"C:\Program Files\Steam\steamapps\common\deus ex - human revolution\dxhr.exe" = C:\Program Files\Steam\steamapps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution -- (Square Enix Limited)
"C:\Program Files\Jump Desktop\JumpWinClient.exe" = C:\Program Files\Jump Desktop\JumpWinClient.exe:*:Enabled:Jump Desktop Viewer -- (Phase Five Systems)
"C:\Program Files\Jump Desktop\JumpDesktop.exe" = C:\Program Files\Jump Desktop\JumpDesktop.exe:*:Enabled:Jump Desktop Tray Application -- (Phase Five Systems)
"C:\Program Files\Jump Desktop\JumpService.exe" = C:\Program Files\Jump Desktop\JumpService.exe:*:Enabled:Jump Desktop Service -- (Phase Five Systems)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Steam\steamapps\common\trauma\trauma.exe" = C:\Program Files\Steam\steamapps\common\trauma\trauma.exe:*:Enabled:TRAUMA -- (Adobe Systems, Inc.)
"C:\Program Files\Motorola\RSD Lite\SDL.exe" = C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()
"C:\Program Files\Steam\steamapps\common\dinner date\Dinner Date.exe" = C:\Program Files\Steam\steamapps\common\dinner date\Dinner Date.exe:*:Enabled:Dinner Date -- ()
"C:\Program Files\Steam\steamapps\common\frozen synapse\FrozenSynapse.exe" = C:\Program Files\Steam\steamapps\common\frozen synapse\FrozenSynapse.exe:*:Enabled:Frozen Synapse -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
"C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe" = C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2 -- ()
"C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe" = C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe:*:Enabled:Splashtop® Streamer -- (Splashtop Inc.)
"C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe" = C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe:*:Enabled:Splashtop® GDI Server -- (Splashtop Inc.)
"C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe" = C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe:*:Enabled:Splashtop® PROXY Server -- (Splashtop Inc.)
"C:\Program Files\Splashtop\Splashtop Remote\Server\inputserv.exe" = C:\Program Files\Splashtop\Splashtop Remote\Server\inputserv.exe:*:Enabled:Splashtop® INPUT Server -- (Splashtop, Inc.)
"C:\Program Files\Splashtop\Splashtop Remote\Server\SRLogin.exe" = C:\Program Files\Splashtop\Splashtop Remote\Server\SRLogin.exe:*:Enabled:Splashtop® Login Server -- (Splashtop Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A710662-702F-4527-A703-792D366AF625}" = Xftp 4
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0150090}" = J2SE Development Kit 5.0 Update 9
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin_USA
"{641410DD-5F16-4DEA-83C9-36D2D290FC18}" = Jump Desktop
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0
"{7107A761-B2F7-4BB0-84DA-CD90B562A72D}" = Director
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FCA160-C051-42AE-9A40-9E58E09EC529}" = Embarcadero ERStudio Data Architect 9.1
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0B921DC-B86A-41FE-BF4C-BC7D3026918B}" = HuxleyTheDystopia
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B26AEDA3-B044-4FC0-B243-871FDAA6D2B6}" = Hex Color Finder
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF0668D2-AFE3-47A7-BA80-3BBAFEE5524C}" = Xmanager Enterprise 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"274c5407c4fa26908310cb5c1c5000001954585180" = NetBeans IDE 5.0
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle" = Amazon Kindle
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"comtypes-py2.5" = Python 2.5 comtypes-0.6.2
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler
"DeskJet 6800 Installer" = HP Deskjet 6800
"Disk Space Fan_is1" = Disk Space Fan 1.4.4.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doubleTwist" = doubleTwist
"ER/Studio Data Architect 9.1" = ER/Studio Data Architect 9.1
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Photo & Imaging 4.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2A710662-702F-4527-A703-792D366AF625}" = Xftp 4
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{BF0668D2-AFE3-47A7-BA80-3BBAFEE5524C}" = Xmanager Enterprise 4
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jack Claw_is1" = Jack Claw
"JCreator LE_is1" = JCreator LE 4.00
"jGRASP" = jGRASP
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Launchy_21344213_is1" = Launchy 2.5
"LOSI" = LOSI 0.4.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"psyco-py2.5" = Python 2.5 psyco-1.6
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.5" = Python 2.5 pywin32-216
"Rainmeter" = Rainmeter
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Recuva" = Recuva (remove only)
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1" = RocketDock 1.3.5
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding Of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 200900" = Cave Story+
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 47780" = Dead Space 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 92800" = SpaceChem
"Steam App 94000" = Dinner Date
"Steam App 94200" = Jamestown
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 99700" = NightSky
"SystemRequirementsLab" = System Requirements Lab
"TightVNC" = TightVNC 2.0.2
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.11.0 (ansi) for Python 2.5
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"MusicManager" = Music Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2012 3:16:29 AM | Computer Name = NICK-9897FD19A0 | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/4/2012 3:16:29 AM | Computer Name = NICK-9897FD19A0 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/4/2012 3:16:29 AM | Computer Name = NICK-9897FD19A0 | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/4/2012 3:16:29 AM | Computer Name = NICK-9897FD19A0 | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/4/2012 5:00:21 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/5/2012 5:00:23 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/6/2012 5:00:23 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/7/2012 5:00:19 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/8/2012 5:00:24 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

Error - 3/9/2012 5:00:24 AM | Computer Name = NICK-9897FD19A0 | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/10/2012 1:15:49 AM | Computer Name = NICK-9897FD19A0 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

#10 CatByte


Posted 10 March 2012 - 12:40 AM

Hi

Please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKU\S-1-5-21-1960408961-1177238915-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 sinick


Posted 10 March 2012 - 01:27 AM

EDIT: Whoops, read that wrong. I'll run the new scan

Edited by sinick, 10 March 2012 - 01:28 AM.


#12 sinick


Posted 10 March 2012 - 01:49 AM

A little while after the fix started, it closed all other running programs (I think, all I could see was OTL and the desktop), and an error message appeared in a popup that said OTL couldn't do something with HOSTS. Then I saw an AVIRA antivirus popup in the bottom corner that said it had blocked HOST access or something. I left OTL and its error message alone for a while, then closed its error message and left it alone, and eventually there was no activity on my computer for about 10-15 minutes from anything. After waiting some more, OTL was still hanging, so I closed it and rebooted. A log file showed up, below. I decided to uninstall AVIRA to keep it from interfering anymore. I thought it had been disabled, but it might have re-enabled on a previous reboot. So I just got rid of it.

The good news is that during this reboot my mouse and keyboard lit up during the whole boot sequence, which hasn't happened since I was infected.

Here's what came up when I booted back up:




Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#13 sinick


Posted 10 March 2012 - 01:52 AM

I think the custom fix section had

[resethosts]
[purity]
[emptytemp]
[Reboot]

left on it when it seemed to be doing nothing for a long time.

#14 CatByte (Malware Response Team)

Posted 10 March 2012 - 03:40 PM

Please run the following:

Please click HERE to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE: This is quite a large file, so be patient.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept the license agreement and click the "Start" button.
  • Click on the Settings button.
    • In Scan scope, leave the pre-checked items as they are and also checkmark My Computer
    • In Actions, checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection
  • Click on the Automatic Scan tab and then click on the Start scanning button.
  • Before it is done it may prompt for action regardless of the setting, so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on the Report button, then on the Automatic Scan report tab.
  • Right click anywhere within the right pane, click Select All, then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


#15 sinick

sinick
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 10 March 2012 - 04:18 PM

Nothing happens when I click the download links from http://www.kaspersky.com/antivirus-removal-tool?form=1, except that the URL changes to

http://www.kaspersky.com/antivirus-removal-tool?form=1#



